Avred

File 8021A70FB5CF073B.Seatbelt.exe.avg.exe

Name:	8021A70FB5CF073B.Seatbelt.exe.avg.exe
Size:	611,840 bytes
Type:	EXE PE.NET
MD5:	fc15a64503b4c20ddecff587d6b11c15

Scanner Name:	avg
Appraisal:	Fragile (AND) based
Scan Debug:	Duration: 72s / Chunks: 336 / Matches: 74
Scan date:	2023-07-21 22:10:00

Matches

#	Iteration	Offset	Size	Section	Detail	SectionType	Conclusion
0	0	177244	51	.text #~		DATA	Dominant. Modify this to make file undetected
1	0	177856	51	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
2	0	178061	25	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
3	0	178137	26	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
4	0	178418	52	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
5	0	178930	51	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
6	0	179414	77	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
7	0	179618	78	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
9	0	179874	128	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
14	1	419351	17	.text #Strings		DATA	Dominant. Modify this to make file undetected
15	1	420272	34	.text #Strings		DATA	Dominant. Modify this to make file undetected
19	1	425309	50	.text #Strings		DATA	Dominant. Modify this to make file undetected
29	1	436136	67	.text #Strings		DATA	Dominant. Modify this to make file undetected
32	1	436907	67	.text #Strings		DATA	Dominant. Modify this to make file undetected
33	1	438112	67	.text #Strings		DATA	Dominant. Modify this to make file undetected
37	1	442463	67	.text #Strings		DATA	Dominant. Modify this to make file undetected

Match 0: 177244 (size: 51)

Dominant. Modify this to make file undetected

.text #~

0002B45C   00 00 00 00 02 00 01 01 57 BF A3 3F 09 0E 00 00    ........W..?....
0002B46C   00 FA 01 33 00 16 00 00 01 00 00 00 14 01 00 00    ...3............
0002B47C   9A 02 00 00 2A 0A 00 00 6C 0E 00 00 24 0B 00 00    ....*...l...$...
0002B48C   87 02 00                                           ...

Match 1: 177856 (size: 51)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002B6C0   00 00 12 00 A5 A7 00 00 25 DC 00 00 06 00 E3 C9    ........%.......
0002B6D0   00 00 2F 01 01 00 06 00 69 B2 00 00 B5 1D 00 00    ../.....i.......
0002B6E0   06 00 6C C9 00 00 B5 1D 00 00 06 00 76 91 00 00    ..l.........v...
0002B6F0   FA B2 00                                           ...

0x2b6b8: TypeRef[47]: ResolutionScope: ref table AssemblyRef[1] TypeName: IDisposable TypeNamespace: System

0x2b6c2: TypeRef[48]: ResolutionScope: ref table AssemblyRef[4] TypeName: Stopwatch TypeNamespace: System.Diagnostics

0x2b6cc: TypeRef[49]: ResolutionScope: ref table AssemblyRef[1] TypeName: StringBuilder TypeNamespace: System.Text

0x2b6d6: TypeRef[50]: ResolutionScope: ref table AssemblyRef[1] TypeName: Stream TypeNamespace: System.IO

0x2b6e0: TypeRef[51]: ResolutionScope: ref table AssemblyRef[1] TypeName: BinaryReader TypeNamespace: System.IO

0x2b6ea: TypeRef[52]: ResolutionScope: ref table AssemblyRef[1] TypeName: DateTime TypeNamespace: System

Match 2: 178061 (size: 25)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002B78D   9E 00 00 FA B2 00 00 06 00 13 CD 00 00 B5 1D 00    ................
0002B79D   00 06 00 63 B2 00 00 B5 1D                         ...c.....

0x2b78a: TypeRef[68]: ResolutionScope: ref table AssemblyRef[1] TypeName: ParamArrayAttribute TypeNamespace: System

0x2b794: TypeRef[69]: ResolutionScope: ref table AssemblyRef[1] TypeName: StreamWriter TypeNamespace: System.IO

0x2b79e: TypeRef[70]: ResolutionScope: ref table AssemblyRef[1] TypeName: MemoryStream TypeNamespace: System.IO

Match 3: 178137 (size: 26)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002B7D9   00 06 00 73 DB 00 00 FA B2 00 00 12 00 74 F1 00    ...s.........t..
0002B7E9   00 9B F5 00 00 06 00 6F F0 00                      .......o..

0x2b7d0: TypeRef[75]: ResolutionScope: ref table AssemblyRef[1] TypeName: SuppressUnmanagedCodeSecurityAttribute TypeNamespace: System.Security

0x2b7da: TypeRef[76]: ResolutionScope: ref table AssemblyRef[1] TypeName: IntPtr TypeNamespace: System

0x2b7e4: TypeRef[77]: ResolutionScope: ref table AssemblyRef[4] TypeName: IPAddress TypeNamespace: System.Net

0x2b7ee: TypeRef[78]: ResolutionScope: ref table AssemblyRef[1] TypeName: FileAccess TypeNamespace: System.IO

Match 4: 178418 (size: 52)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002B8F2   06 00 99 C1 00 00 B5 1D 00 00 06 00 54 C9 00 00    ............T...
0002B902   B5 1D 00 00 06 00 2C C2 00 00 FA B2 00 00 06 00    ......,.........
0002B912   F1 C1 00 00 B5 1D 00 00 0A 00 48 C2 00 00 E5 F8    ..........H.....
0002B922   00 00 06 00                                        ....

0x2b8f2: TypeRef[104]: ResolutionScope: ref table AssemblyRef[1] TypeName: IOException TypeNamespace: System.IO

0x2b8fc: TypeRef[105]: ResolutionScope: ref table AssemblyRef[1] TypeName: StreamReader TypeNamespace: System.IO

0x2b906: TypeRef[106]: ResolutionScope: ref table AssemblyRef[1] TypeName: UnauthorizedAccessException TypeNamespace: System

0x2b910: TypeRef[107]: ResolutionScope: ref table AssemblyRef[1] TypeName: PathTooLongException TypeNamespace: System.IO

0x2b91a: TypeRef[108]: ResolutionScope: ref table AssemblyRef[2] TypeName: ManagementException TypeNamespace: System.Management

0x2b924: TypeRef[109]: ResolutionScope: ref table AssemblyRef[1] TypeName: FileInfo TypeNamespace: System.IO

Match 5: 178930 (size: 51)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002BAF2   27 CC 00 00 FA B2 00 00 06 00 9C 05 00 00 CC 2D    '..............-
0002BB02   00 00 0A 00 E2 AE 00 00 E5 F8 00 00 0A 00 37 94    ..............7.
0002BB12   00 00 E5 F8 00 00 06 00 A6 09 01 00 B5 1D 00 00    ................
0002BB22   06 00 7C                                           ..|

0x2baf0: TypeRef[155]: ResolutionScope: ref table AssemblyRef[1] TypeName: StringComparer TypeNamespace: System

0x2bafa: TypeRef[156]: ResolutionScope: ref table AssemblyRef[1] TypeName: IEqualityComparer`1 TypeNamespace: System.Collections.Generic

0x2bb04: TypeRef[157]: ResolutionScope: ref table AssemblyRef[2] TypeName: ImpersonationLevel TypeNamespace: System.Management

0x2bb0e: TypeRef[158]: ResolutionScope: ref table AssemblyRef[2] TypeName: ManagementScope TypeNamespace: System.Management

0x2bb18: TypeRef[159]: ResolutionScope: ref table AssemblyRef[1] TypeName: Directory TypeNamespace: System.IO

0x2bb22: TypeRef[160]: ResolutionScope: ref table AssemblyRef[1] TypeName: Environment TypeNamespace: System

Match 6: 179414 (size: 77)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002BCD6   B5 1D 00 00 06 00 E4 B5 00 00 FA B2 00 00 06 00    ................
0002BCE6   55 CB 00 00 FA B2 00 00 06 00 5E C1 00 00 B5 1D    U.........^.....
0002BCF6   00 00 06 00 A0 A2 00 00 2F 01 01 00 06 00 F1 EE    ......../.......
0002BD06   00 00 14 DE 00 00 06 00 11 84 00 00 FA B2 00 00    ................
0002BD16   06 00 8E C9 00 00 2B 07 01 00 06 00 67             ......+.....g

0x2bcd0: TypeRef[203]: ResolutionScope: ref table AssemblyRef[1] TypeName: TextReader TypeNamespace: System.IO

0x2bcda: TypeRef[204]: ResolutionScope: ref table AssemblyRef[1] TypeName: AppDomain TypeNamespace: System

0x2bce4: TypeRef[205]: ResolutionScope: ref table AssemblyRef[1] TypeName: ResolveEventHandler TypeNamespace: System

0x2bcee: TypeRef[206]: ResolutionScope: ref table AssemblyRef[1] TypeName: SearchOption TypeNamespace: System.IO

0x2bcf8: TypeRef[207]: ResolutionScope: ref table AssemblyRef[1] TypeName: Encoding TypeNamespace: System.Text

0x2bd02: TypeRef[208]: ResolutionScope: ref table AssemblyRef[1] TypeName: RuntimeHelpers TypeNamespace: System.Runtime.CompilerServices

0x2bd0c: TypeRef[209]: ResolutionScope: ref table AssemblyRef[1] TypeName: RuntimeFieldHandle TypeNamespace: System

0x2bd16: TypeRef[210]: ResolutionScope: ref table AssemblyRef[1] TypeName: SHA1CryptoServiceProvider TypeNamespace: System.Security.Cryptography

0x2bd20: TypeRef[211]: ResolutionScope: ref table AssemblyRef[1] TypeName: HashAlgorithm TypeNamespace: System.Security.Cryptography

Match 7: 179618 (size: 78)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002BDA2   06 00 64 0D 00 00 FA B2 00 00 06 00 4E E2 00 00    ..d.........N...
0002BDB2   C7 BC 00 00 06 00 43 AA 00 00 B5 1D 00 00 06 00    ......C.........
0002BDC2   3B 9A 00 00 8F E3 00 00 12 00 CD E0 00 00 E1 BA    ;...............
0002BDD2   00 00 12 00 B0 BE 00 00 E1 BA 00 00 12 00 E6 BE    ................
0002BDE2   00 00 E1 BA 00 00 06 00 DA 10 00 00 FA B2          ..............

0x2bda2: TypeRef[224]: ResolutionScope: ref table AssemblyRef[1] TypeName: Int64 TypeNamespace: System

0x2bdac: TypeRef[225]: ResolutionScope: ref table AssemblyRef[1] TypeName: NumberStyles TypeNamespace: System.Globalization

0x2bdb6: TypeRef[226]: ResolutionScope: ref table AssemblyRef[1] TypeName: Path TypeNamespace: System.IO

0x2bdc0: TypeRef[227]: ResolutionScope: ref table AssemblyRef[1] TypeName: X509Certificate TypeNamespace: System.Security.Cryptography.X509Certificates

0x2bdca: TypeRef[228]: ResolutionScope: ref table AssemblyRef[4] TypeName: IPInterfaceProperties TypeNamespace: System.Net.NetworkInformation

0x2bdd4: TypeRef[229]: ResolutionScope: ref table AssemblyRef[4] TypeName: UnicastIPAddressInformationCollection TypeNamespace: System.Net.NetworkInformation

0x2bdde: TypeRef[230]: ResolutionScope: ref table AssemblyRef[4] TypeName: IPAddressCollection TypeNamespace: System.Net.NetworkInformation

0x2bde8: TypeRef[231]: ResolutionScope: ref table AssemblyRef[1] TypeName: Int16 TypeNamespace: System

Match 9: 179874 (size: 128)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002BEA2   4C B1 00 00 06 00 B4 C4 00 00 B5 1D 00 00 06 00    L...............
0002BEB2   90 00 01 00 57 EC 00 00 1A 00 F1 82 00 00 FF B0    ....W...........
0002BEC2   00 00 06 00 A8 85 00 00 FA B2 00 00 06 00 DB C1    ................
0002BED2   00 00 B5 1D 00 00 06 00 1C C2 00 00 FA B2 00 00    ................
0002BEE2   06 00 83 C2 00 00 C1 0A 01 00 06 00 C0 C5 00 00    ................
0002BEF2   B5 1D 00 00 06 00 4F 0B 01 00 B8 E9 00 00 12 00    ......O.........
0002BF02   AE BB 00 00 E1 BA 00 00 12 00 49 BE 00 00 25 DC    ..........I...%.
0002BF12   00 00 06 00 9E 98 00 00 57 EC 00 00 1A 00 99 C6    ........W.......

0x2be9c: TypeRef[249]: ResolutionScope: ref table AssemblyRef[1] TypeName: ObjectSecurity TypeNamespace: System.Security.AccessControl

0x2bea6: TypeRef[250]: ResolutionScope: ref table AssemblyRef[1] TypeName: FileSystemInfo TypeNamespace: System.IO

0x2beb0: TypeRef[251]: ResolutionScope: ref table AssemblyRef[1] TypeName: ArrayList TypeNamespace: System.Collections

0x2beba: TypeRef[252]: ResolutionScope: ref table AssemblyRef[6] TypeName: XmlNameTable TypeNamespace: System.Xml

0x2bec4: TypeRef[253]: ResolutionScope: ref table AssemblyRef[1] TypeName: Single TypeNamespace: System

0x2bece: TypeRef[254]: ResolutionScope: ref table AssemblyRef[1] TypeName: FileNotFoundException TypeNamespace: System.IO

0x2bed8: TypeRef[255]: ResolutionScope: ref table AssemblyRef[1] TypeName: SystemException TypeNamespace: System

0x2bee2: TypeRef[256]: ResolutionScope: ref table AssemblyRef[1] TypeName: SecurityException TypeNamespace: System.Security

0x2beec: TypeRef[257]: ResolutionScope: ref table AssemblyRef[1] TypeName: DirectoryInfo TypeNamespace: System.IO

0x2bef6: TypeRef[258]: ResolutionScope: ref table AssemblyRef[1] TypeName: ClaimsIdentity TypeNamespace: System.Security.Claims

0x2bf00: TypeRef[259]: ResolutionScope: ref table AssemblyRef[4] TypeName: IPAddressInformation TypeNamespace: System.Net.NetworkInformation

0x2bf0a: TypeRef[260]: ResolutionScope: ref table AssemblyRef[4] TypeName: ProcessModuleCollection TypeNamespace: System.Diagnostics

0x2bf14: TypeRef[261]: ResolutionScope: ref table AssemblyRef[1] TypeName: ReadOnlyCollectionBase TypeNamespace: System.Collections

0x2bf1e: TypeRef[262]: ResolutionScope: ref table AssemblyRef[6] TypeName: XmlNamedNodeMap TypeNamespace: System.Xml

Match 14: 419351 (size: 17)

Dominant. Modify this to make file undetected

.text #Strings

00066617   64 65 00 50 61 64 64 69 6E 67 4D 6F 64 65 00 43    de.PaddingMode.C
00066627   69                                                 i

Match 15: 420272 (size: 34)

Dominant. Modify this to make file undetected

.text #Strings

000669B0   6E 75 6D 65 72 61 62 6C 65 00 41 73 45 6E 75 6D    numerable.AsEnum
000669C0   65 72 61 62 6C 65 00 49 44 69 73 70 6F 73 61 62    erable.IDisposab
000669D0   6C 65                                              le

Match 19: 425309 (size: 50)

Dominant. Modify this to make file undetected

.text #Strings

00067D5D   00 67 65 74 5F 50 72 6F 70 65 72 74 79 54 79 70    .get_PropertyTyp
00067D6D   65 00 74 79 70 65 00 46 69 6C 65 53 68 61 72 65    e.type.FileShare
00067D7D   00 73 68 61 72 65 00 43 6F 6D 70 61 72 65 00 53    .share.Compare.S
00067D8D   65 74                                              et

Match 29: 436136 (size: 67)

Dominant. Modify this to make file undetected

.text #Strings

0006A7A8   74 69 6F 6E 00 4E 6F 74 49 6D 70 6C 65 6D 65 6E    tion.NotImplemen
0006A7B8   74 65 64 45 78 63 65 70 74 69 6F 6E 00 50 6C 61    tedException.Pla
0006A7C8   74 66 6F 72 6D 4E 6F 74 53 75 70 70 6F 72 74 65    tformNotSupporte
0006A7D8   64 45 78 63 65 70 74 69 6F 6E 00 46 69 6C 65 4E    dException.FileN
0006A7E8   6F 74 46                                           otF

Match 32: 436907 (size: 67)

Dominant. Modify this to make file undetected

.text #Strings

0006AAAB   74 5F 43 72 65 64 65 6E 74 69 61 6C 49 6E 66 6F    t_CredentialInfo
0006AABB   00 46 69 6C 65 53 79 73 74 65 6D 49 6E 66 6F 00    .FileSystemInfo.
0006AACB   70 70 4A 6F 69 6E 49 6E 66 6F 00 67 65 74 5F 46    ppJoinInfo.get_F
0006AADB   69 6C 65 56 65 72 73 69 6F 6E 49 6E 66 6F 00 47    ileVersionInfo.G
0006AAEB   65 74 56                                           etV

Match 33: 438112 (size: 67)

Dominant. Modify this to make file undetected

.text #Strings

0006AF60   61 6D 52 65 61 64 65 72 00 54 65 78 74 52 65 61    amReader.TextRea
0006AF70   64 65 72 00 42 69 6E 61 72 79 52 65 61 64 65 72    der.BinaryReader
0006AF80   00 4F 6E 65 44 72 69 76 65 53 79 6E 63 50 72 6F    .OneDriveSyncPro
0006AF90   76 69 64 65 72 00 53 48 41 31 43 72 79 70 74 6F    vider.SHA1Crypto
0006AFA0   53 65 72                                           Ser

Match 37: 442463 (size: 67)

Dominant. Modify this to make file undetected

.text #Strings

0006C05F   74 45 6E 75 6D 65 72 61 74 6F 72 00 49 44 69 63    tEnumerator.IDic
0006C06F   74 69 6F 6E 61 72 79 45 6E 75 6D 65 72 61 74 6F    tionaryEnumerato
0006C07F   72 00 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 00    r.Administrator.
0006C08F   41 63 74 69 76 61 74 6F 72 00 2E 63 74 6F 72 00    Activator..ctor.
0006C09F   2E 63 63                                           .cc

Test #	MatchOrder	ModifyPosition	Match#0 #~ 51b	Match#1 #~ 51b	Match#2 #~ 25b	Match#3 #~ 26b	Match#4 #~ 52b	Match#5 #~ 51b	Match#6 #~ 77b	Match#7 #~ 78b	Match#8 #~ 26b	Match#9 #~ 128b	Match#10 #Strings 33b	Match#11 #Strings 17b	Match#12 #Strings 17b	Match#13 #Strings 34b	Match#14 #Strings 17b	Match#15 #Strings 34b	Match#16 #Strings 33b	Match#17 #Strings 33b	Match#18 #Strings 50b	Match#19 #Strings 50b	Match#20 #Strings 50b	Match#21 #Strings 33b	Match#22 #Strings 33b	Match#23 #Strings 17b	Match#24 #Strings 33b	Match#25 #Strings 50b	Match#26 #Strings 100b	Match#27 #Strings 33b	Match#28 #Strings 34b	Match#29 #Strings 67b	Match#30 #Strings 67b	Match#31 #Strings 67b	Match#32 #Strings 67b	Match#33 #Strings 67b	Match#34 #Strings 33b	Match#35 #Strings 33b	Match#36 #Strings 33b	Match#37 #Strings 67b	Match#38 #Strings 33b	Match#39 #Strings 67b	Match#40 #Strings 33b	Match#41 #Strings 33b	Match#42 #Strings 67b	Match#43 #Strings 67b	Match#44 #Strings 134b	Match#45 #Strings 67b	Match#46 #Strings 67b	Match#47 #Strings 67b	Match#48 #Strings 67b	Match#49 #Strings 134b
0	ISOLATED	MIDDLE8
1	ISOLATED	THIRDS4
2	ISOLATED	FULL
3	ISOLATED	FULLB
4	INCREMENTAL	MIDDLE8	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31	32	33	34	35	36	37	38	39	40	41	42	43	44	45	46	47	48	49
5	INCREMENTAL	FULL	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31	32	33	34	35	36	37	38	39	40	41	42	43	44	45	46	47	48	49
6	DECREMENTAL	FULL	49	48	47	46	45	44	43	42	41	40	39	38	37	36	35	34	33	32	31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16	15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
7	ALL	MIDDLE8	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
8	ALL	THIRDS4	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
9	ALL	FULL	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Result			d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d

Explanation

Colors

Green: Not detected
Red: Detected by AV

Match Order

Isolated: Test each match individually, by themselves. At most one match is modified per scan
Incremental: Modify each match after another, additive. At the end, all matches are modified
Decremental: Modify each match after another, additive, downwards (last first)

Position

ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa

[INFO    ][2023-07-21 22:09:55,643] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-07-21 22:09:55,643] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-07-21 22:09:55,644] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-07-21 22:09:56,156] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-21 22:09:56,157] handleFile() :: Using scanner from command line: avg
[INFO    ][2023-07-21 22:09:56,158] load() :: Loading HashCache
[INFO    ][2023-07-21 22:09:56,323] load() ::   62908 hashes loaded
[INFO    ][2023-07-21 22:10:00,941] handleFile() :: QuickCheck: 8021A70FB5CF073B.Seatbelt.exe.avg.exe is detected by avg and not hash based
[INFO    ][2023-07-21 22:10:00,942] handleFile() :: Scanning for matches...
[INFO    ][2023-07-21 22:10:00,942] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-21 22:10:00,979] findDetectedSections() :: Hide: .text -> Detected: False
[INFO    ][2023-07-21 22:10:00,981] findDetectedSections() :: Hide: .rsrc -> Detected: True
[INFO    ][2023-07-21 22:10:00,982] findDetectedSections() :: Hide: .reloc -> Detected: True
[INFO    ][2023-07-21 22:10:02,632] findDetectedSections() :: Hide: Header -> Detected: False
[INFO    ][2023-07-21 22:10:04,240] findDetectedSections() :: Hide: DotNet Header -> Detected: False
[INFO    ][2023-07-21 22:10:05,798] findDetectedSections() :: Hide: Metadata Header -> Detected: False
[INFO    ][2023-07-21 22:10:05,799] findDetectedSections() :: Hide: methods -> Detected: True
[INFO    ][2023-07-21 22:10:07,295] findDetectedSections() :: Hide: #~ Stream Header -> Detected: False
[INFO    ][2023-07-21 22:10:08,837] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: False
[INFO    ][2023-07-21 22:10:11,060] findDetectedSections() :: Hide: #US Stream Header -> Detected: True
[INFO    ][2023-07-21 22:10:13,386] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True
[INFO    ][2023-07-21 22:10:15,617] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True
[INFO    ][2023-07-21 22:10:15,618] findDetectedSections() :: Hide: #~ -> Detected: False
[INFO    ][2023-07-21 22:10:15,619] findDetectedSections() :: Hide: #Strings -> Detected: False
[INFO    ][2023-07-21 22:10:15,620] findDetectedSections() :: Hide: #US -> Detected: True
[INFO    ][2023-07-21 22:10:15,622] findDetectedSections() :: Hide: #GUID -> Detected: True
[INFO    ][2023-07-21 22:10:15,623] findDetectedSections() :: Hide: #Blob -> Detected: True
[INFO    ][2023-07-21 22:10:15,623] scanForMatchesInPe() :: 2 section(s) trigger the antivirus independantly
[INFO    ][2023-07-21 22:10:15,623] scanForMatchesInPe() ::   section: #~
[INFO    ][2023-07-21 22:10:15,623] scanForMatchesInPe() ::   section: #Strings
[INFO    ][2023-07-21 22:10:22,335] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (177244-386568)
[INFO    ][2023-07-21 22:10:22,335] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:16 MinMatchSize:32
[INFO    ][2023-07-21 22:10:22,335] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-21 22:10:22,358] _scanDataPart() :: Result: 177244-177295 (51 bytes)
0002B45C   00 00 00 00 02 00 01 01 57 BF A3 3F 09 0E 00 00    ........W..?....
0002B46C   00 FA 01 33 00 16 00 00 01 00 00 00 14 01 00 00    ...3............
0002B47C   9A 02 00 00 2A 0A 00 00 6C 0E 00 00 24 0B 00 00    ....*...l...$...
0002B48C   87 02 00                                           ...
[INFO    ][2023-07-21 22:10:22,365] _scanDataPart() :: Result: 177856-177907 (51 bytes)
0002B6C0   00 00 12 00 A5 A7 00 00 25 DC 00 00 06 00 E3 C9    ........%.......
0002B6D0   00 00 2F 01 01 00 06 00 69 B2 00 00 B5 1D 00 00    ../.....i.......
0002B6E0   06 00 6C C9 00 00 B5 1D 00 00 06 00 76 91 00 00    ..l.........v...
0002B6F0   FA B2 00                                           ...
[INFO    ][2023-07-21 22:10:22,373] _scanDataPart() :: Result: 178061-178086 (25b minChunk:16 X)
0002B78D   9E 00 00 FA B2 00 00 06 00 13 CD 00 00 B5 1D 00    ................
0002B79D   00 06 00 63 B2 00 00 B5 1D                         ...c.....
[INFO    ][2023-07-21 22:10:22,375] _scanDataPart() :: Result: 178137-178163 (26b minChunk:16 X)
0002B7D9   00 06 00 73 DB 00 00 FA B2 00 00 12 00 74 F1 00    ...s.........t..
0002B7E9   00 9B F5 00 00 06 00 6F F0 00                      .......o..
[INFO    ][2023-07-21 22:10:22,380] _scanDataPart() :: Result: 178418-178470 (52 bytes)
0002B8F2   06 00 99 C1 00 00 B5 1D 00 00 06 00 54 C9 00 00    ............T...
0002B902   B5 1D 00 00 06 00 2C C2 00 00 FA B2 00 00 06 00    ......,.........
0002B912   F1 C1 00 00 B5 1D 00 00 0A 00 48 C2 00 00 E5 F8    ..........H.....
0002B922   00 00 06 00                                        ....
[INFO    ][2023-07-21 22:10:22,390] _scanDataPart() :: Result: 178930-178955 (25b minChunk:16 X)
0002BAF2   27 CC 00 00 FA B2 00 00 06 00 9C 05 00 00 CC 2D    '..............-
0002BB02   00 00 0A 00 E2 AE 00 00 E5                         .........
[INFO    ][2023-07-21 22:10:22,390] _scanDataPart() :: Result: 178955-178981 (26b minChunk:16 X)
0002BB0B   F8 00 00 0A 00 37 94 00 00 E5 F8 00 00 06 00 A6    .....7..........
0002BB1B   09 01 00 B5 1D 00 00 06 00 7C                      .........|
[INFO    ][2023-07-21 22:10:22,397] _scanDataPart() :: Result: 179414-179440 (26b minChunk:16 X)
0002BCD6   B5 1D 00 00 06 00 E4 B5 00 00 FA B2 00 00 06 00    ................
0002BCE6   55 CB 00 00 FA B2 00 00 06 00                      U.........
[INFO    ][2023-07-21 22:10:22,399] _scanDataPart() :: Result: 179440-179465 (25b minChunk:16 X)
0002BCF0   5E C1 00 00 B5 1D 00 00 06 00 A0 A2 00 00 2F 01    ^............./.
0002BD00   01 00 06 00 F1 EE 00 00 14                         .........
[INFO    ][2023-07-21 22:10:22,399] _scanDataPart() :: Result: 179465-179491 (26b minChunk:16 X)
0002BD09   DE 00 00 06 00 11 84 00 00 FA B2 00 00 06 00 8E    ................
0002BD19   C9 00 00 2B 07 01 00 06 00 67                      ...+.....g
[INFO    ][2023-07-21 22:10:22,404] _scanDataPart() :: Result: 179618-179644 (26b minChunk:16 X)
0002BDA2   06 00 64 0D 00 00 FA B2 00 00 06 00 4E E2 00 00    ..d.........N...
0002BDB2   C7 BC 00 00 06 00 43 AA 00 00                      ......C...
[INFO    ][2023-07-21 22:10:22,406] _scanDataPart() :: Result: 179644-179670 (26b minChunk:16 X)
0002BDBC   B5 1D 00 00 06 00 3B 9A 00 00 8F E3 00 00 12 00    ......;.........
0002BDCC   CD E0 00 00 E1 BA 00 00 12 00                      ..........
[INFO    ][2023-07-21 22:10:22,406] _scanDataPart() :: Result: 179670-179696 (26b minChunk:16 X)
0002BDD6   B0 BE 00 00 E1 BA 00 00 12 00 E6 BE 00 00 E1 BA    ................
0002BDE6   00 00 06 00 DA 10 00 00 FA B2                      ..........
[INFO    ][2023-07-21 22:10:22,415] _scanDataPart() :: Result: 179823-179849 (26b minChunk:16 X)
0002BE6F   00 C2 C3 00 00 1E 00 27 C9 00 00 C2 C3 00 00 06    .......'........
0002BE7F   00 57 AD 00 00 FA B2 00 00 0A                      .W........
[INFO    ][2023-07-21 22:10:22,417] _scanDataPart() :: Result: 179874-179900 (26b minChunk:16 X)
0002BEA2   4C B1 00 00 06 00 B4 C4 00 00 B5 1D 00 00 06 00    L...............
0002BEB2   90 00 01 00 57 EC 00 00 1A 00                      ....W.....
[INFO    ][2023-07-21 22:10:22,422] _scanDataPart() :: Result: 179900-179951 (51 bytes)
0002BEBC   F1 82 00 00 FF B0 00 00 06 00 A8 85 00 00 FA B2    ................
0002BECC   00 00 06 00 DB C1 00 00 B5 1D 00 00 06 00 1C C2    ................
0002BEDC   00 00 FA B2 00 00 06 00 83 C2 00 00 C1 0A 01 00    ................
0002BEEC   06 00 C0                                           ...
[INFO    ][2023-07-21 22:10:22,424] _scanDataPart() :: Result: 179951-179976 (25b minChunk:16 X)
0002BEEF   C5 00 00 B5 1D 00 00 06 00 4F 0B 01 00 B8 E9 00    .........O......
0002BEFF   00 12 00 AE BB 00 00 E1 BA                         .........
[INFO    ][2023-07-21 22:10:22,424] _scanDataPart() :: Result: 179976-180002 (26b minChunk:16 X)
0002BF08   00 00 12 00 49 BE 00 00 25 DC 00 00 06 00 9E 98    ....I...%.......
0002BF18   00 00 57 EC 00 00 1A 00 99 C6                      ..W.......
[INFO    ][2023-07-21 22:10:22,425] scan() :: Reducer Result: Time:0 Chunks:65 MatchesAdded:18 MatchesFinal:10
[INFO    ][2023-07-21 22:10:31,602] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (386568-455116)
[INFO    ][2023-07-21 22:10:31,602] scan() :: Reducer Start: ScanSpeed:Normal Iteration:1 MinChunkSize:8 MinMatchSize:16
[INFO    ][2023-07-21 22:10:31,602] _printStatus() :: Reducing: 66 chunks done, found 0 matches (18 added)
[INFO    ][2023-07-21 22:10:31,624] _scanDataPart() :: Result: 390868-390885 (17b minChunk:8 X)
0005F6D4   00 54 6F 55 49 6E 74 31 36 00 52 65 61 64 49 6E    .ToUInt16.ReadIn
0005F6E4   74                                                 t
[INFO    ][2023-07-21 22:10:31,626] _scanDataPart() :: Result: 390885-390901 (16b minChunk:8 X)
0005F6E5   31 36 00 53 48 41 32 35 36 00 58 38 36 00 41 46    16.SHA256.X86.AF
[INFO    ][2023-07-21 22:10:31,634] _scanDataPart() :: Result: 391772-391789 (17b minChunk:8 X)
0005FA5C   50 45 43 00 47 43 00 50 55 42 4C 49 43 00 55 44    PEC.GC.PUBLIC.UD
0005FA6C   50                                                 P
[INFO    ][2023-07-21 22:10:31,644] _scanDataPart() :: Result: 392407-392424 (17b minChunk:8 X)
0005FCD7   44 00 50 6C 61 74 66 6F 72 6D 49 44 00 4C 6F 67    D.PlatformID.Log
0005FCE7   69                                                 i
[INFO    ][2023-07-21 22:10:31,654] _scanDataPart() :: Doubling: minChunkSize: 8  minMatchSize: 16
[INFO    ][2023-07-21 22:10:31,656] _scanDataPart() :: Result: 394164-394198 (34 bytes)
000603B4   4B 45 59 5F 49 4E 46 4F 00 53 79 73 74 65 6D 2E    KEY_INFO.System.
000603C4   49 4F 00 67 65 74 5F 47 50 4F 00 41 75 64 69 74    IO.get_GPO.Audit
000603D4   50 6F                                              Po
[INFO    ][2023-07-21 22:10:31,673] _scanDataPart() :: Result: 419351-419368 (17b minChunk:16 X)
00066617   64 65 00 50 61 64 64 69 6E 67 4D 6F 64 65 00 43    de.PaddingMode.C
00066627   69                                                 i
[INFO    ][2023-07-21 22:10:31,683] _scanDataPart() :: Result: 420272-420289 (17b minChunk:16 X)
000669B0   6E 75 6D 65 72 61 62 6C 65 00 41 73 45 6E 75 6D    numerable.AsEnum
000669C0   65                                                 e
[INFO    ][2023-07-21 22:10:31,683] _scanDataPart() :: Result: 420289-420306 (17b minChunk:16 X)
000669C1   72 61 62 6C 65 00 49 44 69 73 70 6F 73 61 62 6C    rable.IDisposabl
000669D1   65                                                 e
[INFO    ][2023-07-21 22:10:31,700] _scanDataPart() :: Result: 420875-420908 (33b minChunk:16 X)
00066C0B   74 70 75 74 46 69 6C 65 00 6F 75 74 70 75 74 46    tputFile.outputF
00066C1B   69 6C 65 00 46 69 6E 64 4E 65 78 74 46 69 6C 65    ile.FindNextFile
00066C2B   00                                                 .
[INFO    ][2023-07-21 22:10:31,704] _scanDataPart() :: Result: 420975-421008 (33b minChunk:16 X)
00066C6F   57 69 6E 64 6F 77 73 42 75 69 6C 74 49 6E 52 6F    WindowsBuiltInRo
00066C7F   6C 65 00 43 6F 6E 73 6F 6C 65 00 67 65 74 5F 54    le.Console.get_T
00066C8F   69                                                 i
[INFO    ][2023-07-21 22:10:31,706] _scanDataPart() :: Result: 421042-421075 (33b minChunk:16 X)
00066CB2   77 73 46 69 72 65 77 61 6C 6C 52 75 6C 65 00 41    wsFirewallRule.A
00066CC2   73 72 52 75 6C 65 00 50 72 6F 63 65 73 73 4D 6F    srRule.ProcessMo
00066CD2   64                                                 d
[INFO    ][2023-07-21 22:10:31,707] _scanDataPart() :: Result: 421075-421092 (17b minChunk:16 X)
00066CD3   75 6C 65 00 72 75 6C 65 00 67 65 74 5F 47 50 4F    ule.rule.get_GPO
00066CE3   4E                                                 N
[INFO    ][2023-07-21 22:10:31,721] _scanDataPart() :: Result: 425309-425326 (17b minChunk:16 X)
00067D5D   00 67 65 74 5F 50 72 6F 70 65 72 74 79 54 79 70    .get_PropertyTyp
00067D6D   65                                                 e
[INFO    ][2023-07-21 22:10:31,723] _scanDataPart() :: Result: 425326-425359 (33b minChunk:16 X)
00067D6E   00 74 79 70 65 00 46 69 6C 65 53 68 61 72 65 00    .type.FileShare.
00067D7E   73 68 61 72 65 00 43 6F 6D 70 61 72 65 00 53 65    share.Compare.Se
00067D8E   74                                                 t
[INFO    ][2023-07-21 22:10:31,734] _scanDataPart() :: Result: 427719-427736 (17b minChunk:16 X)
000686C7   78 65 00 70 72 6F 64 75 63 74 45 78 65 00 53 65    xe.productExe.Se
000686D7   61                                                 a
[INFO    ][2023-07-21 22:10:31,736] _scanDataPart() :: Result: 427736-427769 (33b minChunk:16 X)
000686D8   74 62 65 6C 74 2E 65 78 65 00 67 65 74 5F 53 69    tbelt.exe.get_Si
000686E8   7A 65 00 73 65 74 5F 53 69 7A 65 00 43 72 65 64    ze.set_Size.Cred
000686F8   65                                                 e
[INFO    ][2023-07-21 22:10:31,744] _scanDataPart() :: Result: 429075-429108 (33b minChunk:16 X)
00068C13   47 65 74 53 74 72 69 6E 67 00 50 61 72 73 65 4D    GetString.ParseM
00068C23   72 75 53 74 72 69 6E 67 00 53 75 62 73 74 72 69    ruString.Substri
00068C33   6E                                                 n
[INFO    ][2023-07-21 22:10:31,758] _scanDataPart() :: Result: 429476-429509 (33b minChunk:16 X)
00068DA4   63 68 00 6D 61 74 63 68 00 53 74 6F 70 77 61 74    ch.match.Stopwat
00068DB4   63 68 00 6E 46 69 6C 65 53 69 7A 65 48 69 67 68    ch.nFileSizeHigh
00068DC4   00                                                 .
[INFO    ][2023-07-21 22:10:31,763] _scanDataPart() :: Result: 429643-429660 (17b minChunk:16 X)
00068E4B   75 74 6F 46 6C 75 73 68 00 4D 61 74 68 00 50 61    utoFlush.Math.Pa
00068E5B   72                                                 r
[INFO    ][2023-07-21 22:10:31,769] _scanDataPart() :: Result: 430146-430179 (33b minChunk:16 X)
00069042   74 68 00 62 69 6E 61 72 79 50 61 74 68 00 3C 3E    th.binaryPath.<>
00069052   33 5F 5F 70 61 74 68 00 73 63 72 69 70 74 5F 70    3__path.script_p
00069062   61                                                 a
[INFO    ][2023-07-21 22:10:31,781] _scanDataPart() :: Result: 432204-432221 (17b minChunk:16 X)
0006984C   75 72 6C 00 46 69 6C 65 53 74 72 65 61 6D 00 67    url.FileStream.g
0006985C   65                                                 e
[INFO    ][2023-07-21 22:10:31,784] _scanDataPart() :: Result: 432221-432254 (33b minChunk:16 X)
0006985D   74 5F 45 6E 64 4F 66 53 74 72 65 61 6D 00 4D 65    t_EndOfStream.Me
0006986D   6D 6F 72 79 53 74 72 65 61 6D 00 5F 73 74 72 65    moryStream._stre
0006987D   61                                                 a
[INFO    ][2023-07-21 22:10:31,789] _scanDataPart() :: Result: 432355-432388 (33b minChunk:16 X)
000698E3   6C 74 49 74 65 6D 00 76 61 75 6C 74 49 74 65 6D    ltItem.vaultItem
000698F3   00 69 74 65 6D 00 4F 70 65 72 61 74 69 6E 67 53    .item.OperatingS
00069903   79                                                 y
[INFO    ][2023-07-21 22:10:34,778] _scanDataPart() :: Result: 432388-432422 (34 bytes)
00069904   73 74 65 6D 00 53 79 6D 6D 65 74 72 69 63 41 6C    stem.SymmetricAl
00069914   67 6F 72 69 74 68 6D 00 41 73 79 6D 6D 65 74 72    gorithm.Asymmetr
00069924   69 63                                              ic
[INFO    ][2023-07-21 22:10:34,779] _printStatus() :: Reducing: 199 chunks done, found 17 matches (42 added)
[INFO    ][2023-07-21 22:10:34,781] _scanDataPart() :: Doubling: minChunkSize: 16  minMatchSize: 32
[INFO    ][2023-07-21 22:10:34,781] _scanDataPart() :: Result: 432422-432455 (33b minChunk:32 X)
00069926   41 6C 67 6F 72 69 74 68 6D 00 53 69 67 6E 61 74    Algorithm.Signat
00069936   75 72 65 41 6C 67 6F 72 69 74 68 6D 00 67 65 74    ureAlgorithm.get
00069946   5F                                                 _
[INFO    ][2023-07-21 22:10:38,570] _printStatus() :: Reducing: 203 chunks done, found 17 matches (43 added)
[INFO    ][2023-07-21 22:10:38,570] _scanDataPart() :: Result: 432489-432522 (33b minChunk:32 X)
00069969   53 79 73 6D 6F 6E 48 61 73 68 41 6C 67 6F 72 69    SysmonHashAlgori
00069979   74 68 6D 00 54 72 69 6D 00 67 65 74 5F 44 65 6C    thm.Trim.get_Del
00069989   65                                                 e
[INFO    ][2023-07-21 22:10:42,440] _printStatus() :: Reducing: 205 chunks done, found 18 matches (44 added)
[INFO    ][2023-07-21 22:10:42,440] _scanDataPart() :: Result: 432589-432623 (34b minChunk:32 X)
000699CD   6F 72 6D 00 47 65 74 42 69 6E 61 72 79 46 6F 72    orm.GetBinaryFor
000699DD   6D 00 49 43 72 79 70 74 6F 54 72 61 6E 73 66 6F    m.ICryptoTransfo
000699ED   72 6D                                              rm
[INFO    ][2023-07-21 22:10:46,195] _printStatus() :: Reducing: 213 chunks done, found 19 matches (45 added)
[INFO    ][2023-07-21 22:10:46,195] _scanDataPart() :: Result: 436136-436170 (34b minChunk:32 X)
0006A7A8   74 69 6F 6E 00 4E 6F 74 49 6D 70 6C 65 6D 65 6E    tion.NotImplemen
0006A7B8   74 65 64 45 78 63 65 70 74 69 6F 6E 00 50 6C 61    tedException.Pla
0006A7C8   74 66                                              tf
[INFO    ][2023-07-21 22:10:50,000] _printStatus() :: Reducing: 215 chunks done, found 20 matches (46 added)
[INFO    ][2023-07-21 22:10:50,000] _scanDataPart() :: Result: 436170-436203 (33b minChunk:32 X)
0006A7CA   6F 72 6D 4E 6F 74 53 75 70 70 6F 72 74 65 64 45    ormNotSupportedE
0006A7DA   78 63 65 70 74 69 6F 6E 00 46 69 6C 65 4E 6F 74    xception.FileNot
0006A7EA   46                                                 F
[INFO    ][2023-07-21 22:10:53,806] _printStatus() :: Reducing: 220 chunks done, found 20 matches (47 added)
[INFO    ][2023-07-21 22:10:53,806] _scanDataPart() :: Result: 436672-436706 (34b minChunk:32 X)
0006A9C0   65 73 6F 6C 75 74 69 6F 6E 00 53 79 73 74 65 6D    esolution.System
0006A9D0   2E 44 61 74 61 2E 43 6F 6D 6D 6F 6E 00 53 74 72    .Data.Common.Str
0006A9E0   69 6E                                              in
[INFO    ][2023-07-21 22:10:57,600] _printStatus() :: Reducing: 222 chunks done, found 21 matches (48 added)
[INFO    ][2023-07-21 22:10:57,600] _scanDataPart() :: Result: 436706-436739 (33b minChunk:32 X)
0006A9E2   67 43 6F 6D 70 61 72 69 73 6F 6E 00 5F 6A 73 6F    gComparison._jso
0006A9F2   6E 00 55 70 6E 00 70 61 74 74 65 72 6E 00 44 6F    n.Upn.pattern.Do
0006AA02   77                                                 w
[INFO    ][2023-07-21 22:11:01,523] _printStatus() :: Reducing: 225 chunks done, found 21 matches (49 added)
[INFO    ][2023-07-21 22:11:01,523] _scanDataPart() :: Result: 436806-436840 (34b minChunk:32 X)
0006AA46   49 6E 66 6F 00 70 70 50 61 63 6B 61 67 65 49 6E    Info.ppPackageIn
0006AA56   66 6F 00 43 72 65 64 65 6E 74 69 61 6C 46 69 6C    fo.CredentialFil
0006AA66   65 49                                              eI
[INFO    ][2023-07-21 22:11:05,224] _printStatus() :: Reducing: 227 chunks done, found 22 matches (50 added)
[INFO    ][2023-07-21 22:11:05,224] _scanDataPart() :: Result: 436840-436873 (33b minChunk:32 X)
0006AA68   6E 66 6F 00 50 72 6F 66 69 6C 65 49 6E 66 6F 00    nfo.ProfileInfo.
0006AA78   47 65 74 4E 61 6D 65 49 6E 66 6F 00 43 75 6C 74    GetNameInfo.Cult
0006AA88   75                                                 u
[INFO    ][2023-07-21 22:11:05,233] _scanDataPart() :: Result: 436907-436940 (33b minChunk:32 X)
0006AAAB   74 5F 43 72 65 64 65 6E 74 69 61 6C 49 6E 66 6F    t_CredentialInfo
0006AABB   00 46 69 6C 65 53 79 73 74 65 6D 49 6E 66 6F 00    .FileSystemInfo.
0006AACB   70                                                 p
[INFO    ][2023-07-21 22:11:05,234] _scanDataPart() :: Result: 436940-436974 (34b minChunk:32 X)
0006AACC   70 4A 6F 69 6E 49 6E 66 6F 00 67 65 74 5F 46 69    pJoinInfo.get_Fi
0006AADC   6C 65 56 65 72 73 69 6F 6E 49 6E 66 6F 00 47 65    leVersionInfo.Ge
0006AAEC   74 56                                              tV
[INFO    ][2023-07-21 22:11:05,252] _scanDataPart() :: Result: 438112-438145 (33b minChunk:32 X)
0006AF60   61 6D 52 65 61 64 65 72 00 54 65 78 74 52 65 61    amReader.TextRea
0006AF70   64 65 72 00 42 69 6E 61 72 79 52 65 61 64 65 72    der.BinaryReader
0006AF80   00                                                 .
[INFO    ][2023-07-21 22:11:05,253] _scanDataPart() :: Result: 438145-438179 (34b minChunk:32 X)
0006AF81   4F 6E 65 44 72 69 76 65 53 79 6E 63 50 72 6F 76    OneDriveSyncProv
0006AF91   69 64 65 72 00 53 48 41 31 43 72 79 70 74 6F 53    ider.SHA1CryptoS
0006AFA1   65 72                                              er
[INFO    ][2023-07-21 22:11:09,079] _printStatus() :: Reducing: 251 chunks done, found 24 matches (55 added)
[INFO    ][2023-07-21 22:11:09,079] _scanDataPart() :: Result: 439050-439083 (33b minChunk:32 X)
0006B30A   73 65 72 00 67 65 74 5F 4E 6F 74 41 66 74 65 72    ser.get_NotAfter
0006B31A   00 53 74 72 65 61 6D 57 72 69 74 65 72 00 5F 73    .StreamWriter._s
0006B32A   74                                                 t
[INFO    ][2023-07-21 22:11:12,987] _printStatus() :: Reducing: 253 chunks done, found 25 matches (56 added)
[INFO    ][2023-07-21 22:11:12,987] _scanDataPart() :: Result: 439116-439149 (33b minChunk:32 X)
0006B34C   69 74 65 72 00 43 6F 6E 73 6F 6C 65 54 65 78 74    iter.ConsoleText
0006B35C   57 72 69 74 65 72 00 5F 74 65 78 74 57 72 69 74    Writer._textWrit
0006B36C   65                                                 e
[INFO    ][2023-07-21 22:11:12,991] _scanDataPart() :: Result: 439250-439283 (33b minChunk:32 X)
0006B3D2   42 69 74 43 6F 6E 76 65 72 74 65 72 00 57 4D 49    BitConverter.WMI
0006B3E2   46 6F 72 6D 61 74 74 65 72 00 4C 41 50 53 46 6F    Formatter.LAPSFo
0006B3F2   72                                                 r
[INFO    ][2023-07-21 22:11:13,005] _scanDataPart() :: Result: 442463-442496 (33b minChunk:32 X)
0006C05F   74 45 6E 75 6D 65 72 61 74 6F 72 00 49 44 69 63    tEnumerator.IDic
0006C06F   74 69 6F 6E 61 72 79 45 6E 75 6D 65 72 61 74 6F    tionaryEnumerato
0006C07F   72                                                 r
[INFO    ][2023-07-21 22:11:13,006] _scanDataPart() :: Result: 442496-442530 (34b minChunk:32 X)
0006C080   00 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 41    .Administrator.A
0006C090   63 74 69 76 61 74 6F 72 00 2E 63 74 6F 72 00 2E    ctivator..ctor..
0006C0A0   63 63                                              cc
[INFO    ][2023-07-21 22:11:13,016] _scanDataPart() :: Result: 445007-445040 (33b minChunk:32 X)
0006CA4F   64 41 74 74 72 69 62 75 74 65 73 00 64 77 46 69    dAttributes.dwFi
0006CA5F   6C 65 41 74 74 72 69 62 75 74 65 73 00 46 69 6C    leAttributes.Fil
0006CA6F   65                                                 e
[INFO    ][2023-07-21 22:11:13,025] _scanDataPart() :: Result: 445977-446011 (34b minChunk:32 X)
0006CE19   4E 75 6D 41 72 67 73 00 43 6F 6D 6D 61 6E 64 4C    NumArgs.CommandL
0006CE29   69 6E 65 54 6F 41 72 67 73 00 52 65 73 6F 6C 76    ineToArgs.Resolv
0006CE39   65 45                                              eE
[INFO    ][2023-07-21 22:11:13,032] _scanDataPart() :: Result: 446011-446044 (33b minChunk:32 X)
0006CE3B   76 65 6E 74 41 72 67 73 00 3C 3E 33 5F 5F 61 72    ventArgs.<>3__ar
0006CE4B   67 73 00 3C 3E 34 5F 5F 74 68 69 73 00 4D 69 63    gs.<>4__this.Mic
0006CE5B   72                                                 r
[INFO    ][2023-07-21 22:11:13,046] _scanDataPart() :: Result: 447082-447115 (33b minChunk:32 X)
0006D26A   65 63 74 69 6F 6E 73 00 67 65 74 5F 43 6F 6E 6E    ections.get_Conn
0006D27A   65 63 74 69 6F 6E 73 00 73 65 74 5F 43 6F 6E 6E    ections.set_Conn
0006D28A   65                                                 e
[INFO    ][2023-07-21 22:11:13,051] _scanDataPart() :: Result: 447350-447383 (33b minChunk:32 X)
0006D376   6E 73 00 53 74 72 69 6E 67 53 70 6C 69 74 4F 70    ns.StringSplitOp
0006D386   74 69 6F 6E 73 00 53 65 61 74 62 65 6C 74 4F 70    tions.SeatbeltOp
0006D396   74                                                 t
[INFO    ][2023-07-21 22:11:13,057] _scanDataPart() :: Doubling: minChunkSize: 32  minMatchSize: 64
[INFO    ][2023-07-21 22:11:13,059] _scanDataPart() :: Result: 448086-448153 (67b minChunk:64 X)
0006D656   73 00 44 65 73 69 72 65 64 41 63 63 65 73 73 00    s.DesiredAccess.
0006D666   70 64 77 47 72 61 6E 74 65 64 41 63 63 65 73 73    pdwGrantedAccess
0006D676   00 46 69 6C 65 41 63 63 65 73 73 00 41 6C 6C 41    .FileAccess.AllA
0006D686   63 63 65 73 73 00 50 6C 75 67 69 6E 41 63 63 65    ccess.PluginAcce
0006D696   73 73 00                                           ss.
[INFO    ][2023-07-21 22:11:13,064] _scanDataPart() :: Result: 448354-448421 (67b minChunk:64 X)
0006D762   4E 74 51 75 65 72 79 49 6E 66 6F 72 6D 61 74 69    NtQueryInformati
0006D772   6F 6E 50 72 6F 63 65 73 73 00 49 50 41 64 64 72    onProcess.IPAddr
0006D782   65 73 73 00 67 65 74 5F 41 64 64 72 65 73 73 00    ess.get_Address.
0006D792   67 65 74 5F 52 65 6D 6F 74 65 41 64 64 72 65 73    get_RemoteAddres
0006D7A2   73 00 72                                           s.r
[INFO    ][2023-07-21 22:11:13,067] _scanDataPart() :: Result: 448555-448689 (134 bytes)
0006D82B   49 70 41 64 64 72 65 73 73 00 69 70 41 64 64 72    IpAddress.ipAddr
0006D83B   65 73 73 00 57 54 53 43 6C 69 65 6E 74 41 64 64    ess.WTSClientAdd
0006D84B   72 65 73 73 00 53 65 61 74 62 65 6C 74 2E 43 6F    ress.Seatbelt.Co
0006D85B   6D 6D 61 6E 64 73 2E 50 72 6F 64 75 63 74 73 00    mmands.Products.
0006D86B   41 74 74 72 69 62 75 74 65 54 61 72 67 65 74 73    AttributeTargets
0006D87B   00 55 73 65 72 52 69 67 68 74 73 00 52 65 67 69    .UserRights.Regi
0006D88B   73 74 72 79 52 69 67 68 74 73 00 63 55 6E 75 73    stryRights.cUnus
0006D89B   65 64 42 69 74 73 00 56 61 75 6C 74 45 6E 75 6D    edBits.VaultEnum
0006D8AB   65 72 61 74 65 56                                  erateV
[INFO    ][2023-07-21 22:11:13,078] _scanDataPart() :: Result: 451968-452035 (67b minChunk:64 X)
0006E580   6E 53 61 6E 64 42 6F 78 49 6E 65 72 74 00 43 6F    nSandBoxInert.Co
0006E590   6E 76 65 72 74 00 67 65 74 5F 50 6F 72 74 00 73    nvert.get_Port.s
0006E5A0   65 74 5F 50 6F 72 74 00 67 65 74 5F 52 65 6D 6F    et_Port.get_Remo
0006E5B0   74 65 50 6F 72 74 00 72 65 6D 6F 74 65 50 6F 72    tePort.remotePor
0006E5C0   74 00 67                                           t.g
[INFO    ][2023-07-21 22:11:13,082] _scanDataPart() :: Result: 452236-452303 (67b minChunk:64 X)
0006E68C   73 74 00 5F 64 69 72 4C 69 73 74 00 41 72 72 61    st._dirList.Arra
0006E69C   79 4C 69 73 74 00 50 65 72 73 69 73 74 00 67 65    yList.Persist.ge
0006E6AC   74 5F 48 6F 73 74 00 73 65 74 5F 48 6F 73 74 00    t_Host.set_Host.
0006E6BC   57 72 69 74 65 48 6F 73 74 00 67 65 74 5F 52 65    WriteHost.get_Re
0006E6CC   6D 6F 74                                           mot
[INFO    ][2023-07-21 22:11:13,090] _scanDataPart() :: Result: 453307-453374 (67b minChunk:64 X)
0006EABB   72 61 79 00 53 74 72 69 6E 67 54 6F 42 79 74 65    ray.StringToByte
0006EACB   41 72 72 61 79 00 49 6E 69 74 69 61 6C 69 7A 65    Array.Initialize
0006EADB   41 72 72 61 79 00 54 6F 41 72 72 61 79 00 67 65    Array.ToArray.ge
0006EAEB   74 5F 49 73 41 72 72 61 79 00 50 61 72 73 65 43    t_IsArray.ParseC
0006EAFB   6C 61 73                                           las
[INFO    ][2023-07-21 22:11:13,096] _scanDataPart() :: Result: 453910-453977 (67b minChunk:64 X)
0006ED16   65 52 65 67 69 73 74 72 79 4B 65 79 00 3C 3E 33    eRegistryKey.<>3
0006ED26   5F 5F 6B 65 79 00 4E 6F 74 69 66 79 00 53 79 73    __key.Notify.Sys
0006ED36   74 65 6D 2E 53 65 63 75 72 69 74 79 2E 43 72 79    tem.Security.Cry
0006ED46   70 74 6F 67 72 61 70 68 79 00 67 65 74 5F 41 73    ptography.get_As
0006ED56   73 65 6D                                           sem
[INFO    ][2023-07-21 22:11:13,103] _scanDataPart() :: Result: 454513-454580 (67b minChunk:64 X)
0006EF71   79 00 57 54 53 43 6C 69 65 6E 74 44 69 72 65 63    y.WTSClientDirec
0006EF81   74 6F 72 79 00 67 65 74 5F 43 6C 69 65 6E 74 44    tory.get_ClientD
0006EF91   69 72 65 63 74 6F 72 79 00 63 6C 69 65 6E 74 44    irectory.clientD
0006EFA1   69 72 65 63 74 6F 72 79 00 52 6F 6F 74 44 69 72    irectory.RootDir
0006EFB1   65 63 74                                           ect
[INFO    ][2023-07-21 22:11:13,108] _scanDataPart() :: Result: 454580-454647 (67b minChunk:64 X)
0006EFB4   6F 72 79 00 67 65 74 5F 48 69 73 74 6F 72 79 00    ory.get_History.
0006EFC4   68 69 73 74 6F 72 79 00 67 65 74 5F 45 6E 74 72    history.get_Entr
0006EFD4   79 00 73 65 74 5F 45 6E 74 72 79 00 57 69 66 69    y.set_Entry.Wifi
0006EFE4   50 72 6F 66 69 6C 65 45 6E 74 72 79 00 41 72 70    ProfileEntry.Arp
0006EFF4   45 6E 74                                           Ent
[INFO    ][2023-07-21 22:11:13,108] scan() :: Reducer Result: Time:42 Chunks:336 MatchesAdded:74 MatchesFinal:40
[INFO    ][2023-07-21 22:11:13,109] handleFile() :: Result: 50 matches
[INFO    ][2023-07-21 22:11:13,109] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-07-21 22:11:14,629] save() :: Saving HashCache (62949)
[INFO    ][2023-07-21 22:11:14,700] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-21 22:11:14,700] runVerifications() :: Verify 50 matches
[INFO    ][2023-07-21 22:12:42,017] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-21 22:14:09,111] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-21 22:15:29,647] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-21 22:16:50,525] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-21 22:18:06,674] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 25  result: ScanResult.NOT_DETECTED
  Idx: 26  result: ScanResult.NOT_DETECTED
  Idx: 27  result: ScanResult.NOT_DETECTED
  Idx: 28  result: ScanResult.NOT_DETECTED
  Idx: 29  result: ScanResult.NOT_DETECTED
  Idx: 30  result: ScanResult.NOT_DETECTED
  Idx: 31  result: ScanResult.NOT_DETECTED
  Idx: 32  result: ScanResult.NOT_DETECTED
  Idx: 33  result: ScanResult.NOT_DETECTED
  Idx: 34  result: ScanResult.NOT_DETECTED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  Idx: 37  result: ScanResult.NOT_DETECTED
  Idx: 38  result: ScanResult.NOT_DETECTED
  Idx: 39  result: ScanResult.NOT_DETECTED
  Idx: 40  result: ScanResult.NOT_DETECTED
  Idx: 41  result: ScanResult.NOT_DETECTED
  Idx: 42  result: ScanResult.NOT_DETECTED
  Idx: 43  result: ScanResult.NOT_DETECTED
  Idx: 44  result: ScanResult.NOT_DETECTED
  Idx: 45  result: ScanResult.NOT_DETECTED
  Idx: 46  result: ScanResult.NOT_DETECTED
  Idx: 47  result: ScanResult.NOT_DETECTED
  Idx: 48  result: ScanResult.NOT_DETECTED
  Idx: 49  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 22:19:22,687] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 25  result: ScanResult.NOT_DETECTED
  Idx: 26  result: ScanResult.NOT_DETECTED
  Idx: 27  result: ScanResult.NOT_DETECTED
  Idx: 28  result: ScanResult.NOT_DETECTED
  Idx: 29  result: ScanResult.NOT_DETECTED
  Idx: 30  result: ScanResult.NOT_DETECTED
  Idx: 31  result: ScanResult.NOT_DETECTED
  Idx: 32  result: ScanResult.NOT_DETECTED
  Idx: 33  result: ScanResult.NOT_DETECTED
  Idx: 34  result: ScanResult.NOT_DETECTED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  Idx: 37  result: ScanResult.NOT_DETECTED
  Idx: 38  result: ScanResult.NOT_DETECTED
  Idx: 39  result: ScanResult.NOT_DETECTED
  Idx: 40  result: ScanResult.NOT_DETECTED
  Idx: 41  result: ScanResult.NOT_DETECTED
  Idx: 42  result: ScanResult.NOT_DETECTED
  Idx: 43  result: ScanResult.NOT_DETECTED
  Idx: 44  result: ScanResult.NOT_DETECTED
  Idx: 45  result: ScanResult.NOT_DETECTED
  Idx: 46  result: ScanResult.NOT_DETECTED
  Idx: 47  result: ScanResult.NOT_DETECTED
  Idx: 48  result: ScanResult.NOT_DETECTED
  Idx: 49  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 22:20:37,045] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 49  result: ScanResult.NOT_DETECTED
  Idx: 48  result: ScanResult.NOT_DETECTED
  Idx: 47  result: ScanResult.NOT_DETECTED
  Idx: 46  result: ScanResult.NOT_DETECTED
  Idx: 45  result: ScanResult.NOT_DETECTED
  Idx: 44  result: ScanResult.NOT_DETECTED
  Idx: 43  result: ScanResult.NOT_DETECTED
  Idx: 42  result: ScanResult.NOT_DETECTED
  Idx: 41  result: ScanResult.NOT_DETECTED
  Idx: 40  result: ScanResult.NOT_DETECTED
  Idx: 39  result: ScanResult.NOT_DETECTED
  Idx: 38  result: ScanResult.NOT_DETECTED
  Idx: 37  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 34  result: ScanResult.NOT_DETECTED
  Idx: 33  result: ScanResult.NOT_DETECTED
  Idx: 32  result: ScanResult.NOT_DETECTED
  Idx: 31  result: ScanResult.NOT_DETECTED
  Idx: 30  result: ScanResult.NOT_DETECTED
  Idx: 29  result: ScanResult.NOT_DETECTED
  Idx: 28  result: ScanResult.NOT_DETECTED
  Idx: 27  result: ScanResult.NOT_DETECTED
  Idx: 26  result: ScanResult.NOT_DETECTED
  Idx: 25  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.DETECTED

[INFO    ][2023-07-21 22:20:37,047] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 22:20:38,602] runVerifications() :: Verification run: 8 THIRDS4 ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 22:20:38,604] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 22:20:38,605] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-07-21 22:20:38,605] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-21 22:20:39,111] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-21 22:20:41,725] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-07-21 22:20:41,726] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-21 22:20:41,726] outflankDotnet() :: Outflank failed with attempted 0 patches
[INFO    ][2023-07-21 22:20:41,726] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-07-21 22:20:41,727] save() :: Saving HashCache (63255)
[INFO    ][2023-08-04 18:27:12,971] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-08-04 18:27:12,971] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-08-04 18:27:12,972] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-04 18:27:13,488] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-04 18:27:13,490] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-08-04 18:27:13,490] load() :: Loading HashCache
[INFO    ][2023-08-04 18:27:13,685] load() ::   77569 hashes loaded
[INFO    ][2023-08-04 18:27:13,685] save() :: Saving HashCache (77569)
[INFO    ][2023-08-04 18:27:13,765] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-04 18:27:14,324] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-04 18:27:21,078] init() :: DotnetData entries: 23564
[INFO    ][2023-08-04 18:27:21,101] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-08-04 18:27:21,102] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:53:12,811] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-08-06 16:53:12,811] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-08-06 16:53:12,812] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 16:53:13,334] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 16:53:13,335] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-08-06 16:53:13,335] load() :: Loading HashCache
[INFO    ][2023-08-06 16:53:13,532] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 16:53:13,532] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:53:13,611] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 16:53:14,173] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 16:53:20,953] init() :: DotnetData entries: 23564
[INFO    ][2023-08-06 16:53:20,976] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-08-06 16:53:20,977] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:27:23,890] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-08-06 17:27:23,890] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-08-06 17:27:23,891] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 17:27:24,411] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 17:27:24,412] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-08-06 17:27:24,412] load() :: Loading HashCache
[INFO    ][2023-08-06 17:27:24,603] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 17:27:24,603] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:27:24,679] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 17:27:25,239] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 17:27:32,026] init() :: DotnetData entries: 23564
[INFO    ][2023-08-06 17:27:32,048] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-08-06 17:27:32,049] save() :: Saving HashCache (77569)
[INFO    ][2023-09-01 05:26:46,994] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-01 05:26:46,994] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-01 05:26:47,004] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-01 05:26:47,510] getDotNetSections() :: Offset: 7680
[WARNING ][2023-09-01 05:26:47,511] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-01 05:26:47,513] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-01 05:26:47,514] load() :: Loading HashCache
[INFO    ][2023-09-01 05:26:47,708] load() ::   85943 hashes loaded
[INFO    ][2023-09-01 05:26:47,708] save() :: Saving HashCache (85943)
[INFO    ][2023-09-01 05:26:47,790] save() :: Saving HashCache (85943)
[INFO    ][2023-09-24 19:21:37,039] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-24 19:21:37,039] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-24 19:21:37,041] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-24 19:21:37,042] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-24 19:21:37,068] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-24 19:21:37,069] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-24 19:21:37,069] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-24 19:21:37,546] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-24 19:21:38,173] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-24 19:21:38,174] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-24 19:21:38,175] load() :: Loading HashCache
[INFO    ][2023-09-24 19:21:38,375] load() ::   101712 hashes loaded
[INFO    ][2023-09-24 19:21:38,375] save() :: Saving HashCache (101712)
[INFO    ][2023-09-24 19:21:38,471] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-24 19:21:45,022] init() :: DotnetData entries: 23564
[INFO    ][2023-09-24 19:21:45,044] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-24 19:21:45,045] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:14:54,578] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-25 18:14:54,578] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-25 18:14:54,579] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:14:54,579] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:14:54,604] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:14:54,604] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:14:54,605] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:14:55,077] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:14:55,642] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-25 18:14:55,644] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-25 18:14:55,644] load() :: Loading HashCache
[INFO    ][2023-09-25 18:14:55,872] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:14:55,872] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:14:55,969] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:15:02,872] init() :: DotnetData entries: 23564
[INFO    ][2023-09-25 18:15:02,894] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-25 18:15:02,895] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:21:56,345] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-25 18:21:56,345] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-25 18:21:56,346] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:21:56,347] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:21:56,371] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:21:56,372] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:21:56,372] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:21:56,840] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:21:57,396] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-25 18:21:57,397] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-25 18:21:57,398] load() :: Loading HashCache
[INFO    ][2023-09-25 18:21:57,623] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:21:57,623] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:21:57,721] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:22:04,542] init() :: DotnetData entries: 23564
[INFO    ][2023-09-25 18:22:04,564] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-25 18:22:04,564] save() :: Saving HashCache (101712)
[INFO    ][2023-09-29 10:07:29,457] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-29 10:07:29,458] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-29 10:07:29,459] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 10:07:29,459] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 10:07:29,484] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 10:07:29,484] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 10:07:29,485] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 10:07:29,957] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-29 10:07:29,958] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-29 10:07:29,959] load() :: Loading HashCache
[INFO    ][2023-09-29 10:07:30,184] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 10:07:30,185] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 10:07:30,279] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 10:07:37,156] init() :: DotnetData entries: 23564
[INFO    ][2023-09-29 10:07:37,178] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-29 10:07:37,178] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:12:02,852] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-29 12:12:02,853] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-29 12:12:02,854] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 12:12:02,854] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 12:12:02,879] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 12:12:02,879] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:12:02,880] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:12:02,880] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:12:02,880] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 12:12:02,880] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 12:12:03,355] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-29 12:12:03,357] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-29 12:12:03,358] load() :: Loading HashCache
[INFO    ][2023-09-29 12:12:03,582] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 12:12:03,582] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:12:03,679] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 12:12:10,565] init() :: DotnetData entries: 23564
[INFO    ][2023-09-29 12:12:10,587] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-29 12:12:10,588] save() :: Saving HashCache (102070)
[INFO    ][2023-09-30 10:32:57,593] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-30 10:32:57,594] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe
[INFO    ][2023-09-30 10:32:57,595] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-30 10:32:57,595] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-30 10:32:57,620] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-30 10:32:57,620] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:32:57,620] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:32:57,620] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-30 10:32:57,620] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:32:57,620] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-30 10:32:57,620] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:32:57,621] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:32:57,621] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-30 10:32:57,621] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:32:57,621] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:32:57,621] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:32:57,621] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-30 10:32:57,621] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-30 10:32:58,096] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-30 10:32:58,097] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-30 10:32:58,098] load() :: Loading HashCache
[INFO    ][2023-09-30 10:32:58,324] load() ::   102072 hashes loaded
[INFO    ][2023-09-30 10:32:58,324] save() :: Saving HashCache (102072)
[INFO    ][2023-09-30 10:32:58,424] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-30 10:33:05,311] init() :: DotnetData entries: 23564
[INFO    ][2023-09-30 10:33:05,333] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-30 10:33:05,333] save() :: Saving HashCache (102072)

File 8021A70FB5CF073B.Seatbelt.exe.avg.exe

Matches

Match 0: 177244 (size: 51)

Info

Hexdump

Match 1: 177856 (size: 51)

Info

Hexdump

Disassembly

Match 2: 178061 (size: 25)

Info

Hexdump

Disassembly

Match 3: 178137 (size: 26)

Info

Hexdump

Disassembly

Match 4: 178418 (size: 52)

Info

Hexdump

Disassembly

Match 5: 178930 (size: 51)

Info

Hexdump

Disassembly

Match 6: 179414 (size: 77)

Info

Hexdump

Disassembly

Match 7: 179618 (size: 78)

Info

Hexdump

Disassembly

Match 9: 179874 (size: 128)

Info

Hexdump

Disassembly

Match 14: 419351 (size: 17)

Info

Hexdump

Match 15: 420272 (size: 34)

Info

Hexdump

Match 19: 425309 (size: 50)

Info

Hexdump

Match 29: 436136 (size: 67)

Info

Hexdump

Match 32: 436907 (size: 67)

Info

Hexdump

Match 33: 438112 (size: 67)

Info

Hexdump

Match 37: 442463 (size: 67)

Info

Hexdump

Explanation

Colors

Match Order

Position