Name: | 8021A70FB5CF073B.Seatbelt.exe.avg.exe |
Size: | 611,840 bytes |
Type: | EXE PE.NET |
MD5: | fc15a64503b4c20ddecff587d6b11c15 |
Scanner Name: | avg |
Appraisal: | Fragile (AND) based |
Scan Debug: | Duration: 72s / Chunks: 336 / Matches: 74 |
Scan date: | 2023-07-21 22:10:00 |
# | Iteration | Offset | Size | Section | Detail | SectionType | Conclusion |
---|---|---|---|---|---|---|---|
0 | 0 | 177244 | 51 | .text #~ | DATA | Dominant. Modify this to make file undetected | |
1 | 0 | 177856 | 51 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
2 | 0 | 178061 | 25 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
3 | 0 | 178137 | 26 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
4 | 0 | 178418 | 52 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
5 | 0 | 178930 | 51 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
6 | 0 | 179414 | 77 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
7 | 0 | 179618 | 78 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
9 | 0 | 179874 | 128 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
14 | 1 | 419351 | 17 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
15 | 1 | 420272 | 34 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
19 | 1 | 425309 | 50 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
29 | 1 | 436136 | 67 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
32 | 1 | 436907 | 67 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
33 | 1 | 438112 | 67 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
37 | 1 | 442463 | 67 | .text #Strings | DATA | Dominant. Modify this to make file undetected |
Dominant. Modify this to make file undetected |
0002B45C 00 00 00 00 02 00 01 01 57 BF A3 3F 09 0E 00 00 ........W..?.... 0002B46C 00 FA 01 33 00 16 00 00 01 00 00 00 14 01 00 00 ...3............ 0002B47C 9A 02 00 00 2A 0A 00 00 6C 0E 00 00 24 0B 00 00 ....*...l...$... 0002B48C 87 02 00 ...
Dominant. Modify this to make file undetected |
0002B6C0 00 00 12 00 A5 A7 00 00 25 DC 00 00 06 00 E3 C9 ........%....... 0002B6D0 00 00 2F 01 01 00 06 00 69 B2 00 00 B5 1D 00 00 ../.....i....... 0002B6E0 06 00 6C C9 00 00 B5 1D 00 00 06 00 76 91 00 00 ..l.........v... 0002B6F0 FA B2 00 ...
Dominant. Modify this to make file undetected |
0002B78D 9E 00 00 FA B2 00 00 06 00 13 CD 00 00 B5 1D 00 ................ 0002B79D 00 06 00 63 B2 00 00 B5 1D ...c.....
Dominant. Modify this to make file undetected |
0002B7D9 00 06 00 73 DB 00 00 FA B2 00 00 12 00 74 F1 00 ...s.........t.. 0002B7E9 00 9B F5 00 00 06 00 6F F0 00 .......o..
Dominant. Modify this to make file undetected |
0002B8F2 06 00 99 C1 00 00 B5 1D 00 00 06 00 54 C9 00 00 ............T... 0002B902 B5 1D 00 00 06 00 2C C2 00 00 FA B2 00 00 06 00 ......,......... 0002B912 F1 C1 00 00 B5 1D 00 00 0A 00 48 C2 00 00 E5 F8 ..........H..... 0002B922 00 00 06 00 ....
Dominant. Modify this to make file undetected |
0002BAF2 27 CC 00 00 FA B2 00 00 06 00 9C 05 00 00 CC 2D '..............- 0002BB02 00 00 0A 00 E2 AE 00 00 E5 F8 00 00 0A 00 37 94 ..............7. 0002BB12 00 00 E5 F8 00 00 06 00 A6 09 01 00 B5 1D 00 00 ................ 0002BB22 06 00 7C ..|
Dominant. Modify this to make file undetected |
0002BCD6 B5 1D 00 00 06 00 E4 B5 00 00 FA B2 00 00 06 00 ................ 0002BCE6 55 CB 00 00 FA B2 00 00 06 00 5E C1 00 00 B5 1D U.........^..... 0002BCF6 00 00 06 00 A0 A2 00 00 2F 01 01 00 06 00 F1 EE ......../....... 0002BD06 00 00 14 DE 00 00 06 00 11 84 00 00 FA B2 00 00 ................ 0002BD16 06 00 8E C9 00 00 2B 07 01 00 06 00 67 ......+.....g
Dominant. Modify this to make file undetected |
0002BDA2 06 00 64 0D 00 00 FA B2 00 00 06 00 4E E2 00 00 ..d.........N... 0002BDB2 C7 BC 00 00 06 00 43 AA 00 00 B5 1D 00 00 06 00 ......C......... 0002BDC2 3B 9A 00 00 8F E3 00 00 12 00 CD E0 00 00 E1 BA ;............... 0002BDD2 00 00 12 00 B0 BE 00 00 E1 BA 00 00 12 00 E6 BE ................ 0002BDE2 00 00 E1 BA 00 00 06 00 DA 10 00 00 FA B2 ..............
Dominant. Modify this to make file undetected |
0002BEA2 4C B1 00 00 06 00 B4 C4 00 00 B5 1D 00 00 06 00 L............... 0002BEB2 90 00 01 00 57 EC 00 00 1A 00 F1 82 00 00 FF B0 ....W........... 0002BEC2 00 00 06 00 A8 85 00 00 FA B2 00 00 06 00 DB C1 ................ 0002BED2 00 00 B5 1D 00 00 06 00 1C C2 00 00 FA B2 00 00 ................ 0002BEE2 06 00 83 C2 00 00 C1 0A 01 00 06 00 C0 C5 00 00 ................ 0002BEF2 B5 1D 00 00 06 00 4F 0B 01 00 B8 E9 00 00 12 00 ......O......... 0002BF02 AE BB 00 00 E1 BA 00 00 12 00 49 BE 00 00 25 DC ..........I...%. 0002BF12 00 00 06 00 9E 98 00 00 57 EC 00 00 1A 00 99 C6 ........W.......
Dominant. Modify this to make file undetected |
00066617 64 65 00 50 61 64 64 69 6E 67 4D 6F 64 65 00 43 de.PaddingMode.C 00066627 69 i
Dominant. Modify this to make file undetected |
000669B0 6E 75 6D 65 72 61 62 6C 65 00 41 73 45 6E 75 6D numerable.AsEnum 000669C0 65 72 61 62 6C 65 00 49 44 69 73 70 6F 73 61 62 erable.IDisposab 000669D0 6C 65 le
Dominant. Modify this to make file undetected |
00067D5D 00 67 65 74 5F 50 72 6F 70 65 72 74 79 54 79 70 .get_PropertyTyp 00067D6D 65 00 74 79 70 65 00 46 69 6C 65 53 68 61 72 65 e.type.FileShare 00067D7D 00 73 68 61 72 65 00 43 6F 6D 70 61 72 65 00 53 .share.Compare.S 00067D8D 65 74 et
Dominant. Modify this to make file undetected |
0006A7A8 74 69 6F 6E 00 4E 6F 74 49 6D 70 6C 65 6D 65 6E tion.NotImplemen 0006A7B8 74 65 64 45 78 63 65 70 74 69 6F 6E 00 50 6C 61 tedException.Pla 0006A7C8 74 66 6F 72 6D 4E 6F 74 53 75 70 70 6F 72 74 65 tformNotSupporte 0006A7D8 64 45 78 63 65 70 74 69 6F 6E 00 46 69 6C 65 4E dException.FileN 0006A7E8 6F 74 46 otF
Dominant. Modify this to make file undetected |
0006AAAB 74 5F 43 72 65 64 65 6E 74 69 61 6C 49 6E 66 6F t_CredentialInfo 0006AABB 00 46 69 6C 65 53 79 73 74 65 6D 49 6E 66 6F 00 .FileSystemInfo. 0006AACB 70 70 4A 6F 69 6E 49 6E 66 6F 00 67 65 74 5F 46 ppJoinInfo.get_F 0006AADB 69 6C 65 56 65 72 73 69 6F 6E 49 6E 66 6F 00 47 ileVersionInfo.G 0006AAEB 65 74 56 etV
Dominant. Modify this to make file undetected |
0006AF60 61 6D 52 65 61 64 65 72 00 54 65 78 74 52 65 61 amReader.TextRea 0006AF70 64 65 72 00 42 69 6E 61 72 79 52 65 61 64 65 72 der.BinaryReader 0006AF80 00 4F 6E 65 44 72 69 76 65 53 79 6E 63 50 72 6F .OneDriveSyncPro 0006AF90 76 69 64 65 72 00 53 48 41 31 43 72 79 70 74 6F vider.SHA1Crypto 0006AFA0 53 65 72 Ser
Dominant. Modify this to make file undetected |
0006C05F 74 45 6E 75 6D 65 72 61 74 6F 72 00 49 44 69 63 tEnumerator.IDic 0006C06F 74 69 6F 6E 61 72 79 45 6E 75 6D 65 72 61 74 6F tionaryEnumerato 0006C07F 72 00 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 r.Administrator. 0006C08F 41 63 74 69 76 61 74 6F 72 00 2E 63 74 6F 72 00 Activator..ctor. 0006C09F 2E 63 63 .cc
Test # | MatchOrder | ModifyPosition |
Match#0 #~ 51b |
Match#1 #~ 51b |
Match#2 #~ 25b |
Match#3 #~ 26b |
Match#4 #~ 52b |
Match#5 #~ 51b |
Match#6 #~ 77b |
Match#7 #~ 78b |
Match#8 #~ 26b |
Match#9 #~ 128b |
Match#10 #Strings 33b |
Match#11 #Strings 17b |
Match#12 #Strings 17b |
Match#13 #Strings 34b |
Match#14 #Strings 17b |
Match#15 #Strings 34b |
Match#16 #Strings 33b |
Match#17 #Strings 33b |
Match#18 #Strings 50b |
Match#19 #Strings 50b |
Match#20 #Strings 50b |
Match#21 #Strings 33b |
Match#22 #Strings 33b |
Match#23 #Strings 17b |
Match#24 #Strings 33b |
Match#25 #Strings 50b |
Match#26 #Strings 100b |
Match#27 #Strings 33b |
Match#28 #Strings 34b |
Match#29 #Strings 67b |
Match#30 #Strings 67b |
Match#31 #Strings 67b |
Match#32 #Strings 67b |
Match#33 #Strings 67b |
Match#34 #Strings 33b |
Match#35 #Strings 33b |
Match#36 #Strings 33b |
Match#37 #Strings 67b |
Match#38 #Strings 33b |
Match#39 #Strings 67b |
Match#40 #Strings 33b |
Match#41 #Strings 33b |
Match#42 #Strings 67b |
Match#43 #Strings 67b |
Match#44 #Strings 134b |
Match#45 #Strings 67b |
Match#46 #Strings 67b |
Match#47 #Strings 67b |
Match#48 #Strings 67b |
Match#49 #Strings 134b |
0 | ISOLATED | MIDDLE8 | ||||||||||||||||||||||||||||||||||||||||||||||||||
1 | ISOLATED | THIRDS4 | ||||||||||||||||||||||||||||||||||||||||||||||||||
2 | ISOLATED | FULL | ||||||||||||||||||||||||||||||||||||||||||||||||||
3 | ISOLATED | FULLB | ||||||||||||||||||||||||||||||||||||||||||||||||||
4 | INCREMENTAL | MIDDLE8 | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 |
5 | INCREMENTAL | FULL | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 |
6 | DECREMENTAL | FULL | 49 | 48 | 47 | 46 | 45 | 44 | 43 | 42 | 41 | 40 | 39 | 38 | 37 | 36 | 35 | 34 | 33 | 32 | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
7 | ALL | MIDDLE8 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
8 | ALL | THIRDS4 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
9 | ALL | FULL | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Result |
[INFO ][2023-07-21 22:09:55,643] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-07-21 22:09:55,643] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-07-21 22:09:55,644] handleFile() :: Using parser for file type DOTNET [INFO ][2023-07-21 22:09:56,156] getDotNetSections() :: Offset: 7680 [INFO ][2023-07-21 22:09:56,157] handleFile() :: Using scanner from command line: avg [INFO ][2023-07-21 22:09:56,158] load() :: Loading HashCache [INFO ][2023-07-21 22:09:56,323] load() :: 62908 hashes loaded [INFO ][2023-07-21 22:10:00,941] handleFile() :: QuickCheck: 8021A70FB5CF073B.Seatbelt.exe.avg.exe is detected by avg and not hash based [INFO ][2023-07-21 22:10:00,942] handleFile() :: Scanning for matches... [INFO ][2023-07-21 22:10:00,942] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact) [INFO ][2023-07-21 22:10:00,979] findDetectedSections() :: Hide: .text -> Detected: False [INFO ][2023-07-21 22:10:00,981] findDetectedSections() :: Hide: .rsrc -> Detected: True [INFO ][2023-07-21 22:10:00,982] findDetectedSections() :: Hide: .reloc -> Detected: True [INFO ][2023-07-21 22:10:02,632] findDetectedSections() :: Hide: Header -> Detected: False [INFO ][2023-07-21 22:10:04,240] findDetectedSections() :: Hide: DotNet Header -> Detected: False [INFO ][2023-07-21 22:10:05,798] findDetectedSections() :: Hide: Metadata Header -> Detected: False [INFO ][2023-07-21 22:10:05,799] findDetectedSections() :: Hide: methods -> Detected: True [INFO ][2023-07-21 22:10:07,295] findDetectedSections() :: Hide: #~ Stream Header -> Detected: False [INFO ][2023-07-21 22:10:08,837] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: False [INFO ][2023-07-21 22:10:11,060] findDetectedSections() :: Hide: #US Stream Header -> Detected: True [INFO ][2023-07-21 22:10:13,386] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True [INFO ][2023-07-21 22:10:15,617] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True [INFO ][2023-07-21 22:10:15,618] findDetectedSections() :: Hide: #~ -> Detected: False [INFO ][2023-07-21 22:10:15,619] findDetectedSections() :: Hide: #Strings -> Detected: False [INFO ][2023-07-21 22:10:15,620] findDetectedSections() :: Hide: #US -> Detected: True [INFO ][2023-07-21 22:10:15,622] findDetectedSections() :: Hide: #GUID -> Detected: True [INFO ][2023-07-21 22:10:15,623] findDetectedSections() :: Hide: #Blob -> Detected: True [INFO ][2023-07-21 22:10:15,623] scanForMatchesInPe() :: 2 section(s) trigger the antivirus independantly [INFO ][2023-07-21 22:10:15,623] scanForMatchesInPe() :: section: #~ [INFO ][2023-07-21 22:10:15,623] scanForMatchesInPe() :: section: #Strings [INFO ][2023-07-21 22:10:22,335] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (177244-386568) [INFO ][2023-07-21 22:10:22,335] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:16 MinMatchSize:32 [INFO ][2023-07-21 22:10:22,335] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added) [INFO ][2023-07-21 22:10:22,358] _scanDataPart() :: Result: 177244-177295 (51 bytes) 0002B45C 00 00 00 00 02 00 01 01 57 BF A3 3F 09 0E 00 00 ........W..?.... 0002B46C 00 FA 01 33 00 16 00 00 01 00 00 00 14 01 00 00 ...3............ 0002B47C 9A 02 00 00 2A 0A 00 00 6C 0E 00 00 24 0B 00 00 ....*...l...$... 0002B48C 87 02 00 ... [INFO ][2023-07-21 22:10:22,365] _scanDataPart() :: Result: 177856-177907 (51 bytes) 0002B6C0 00 00 12 00 A5 A7 00 00 25 DC 00 00 06 00 E3 C9 ........%....... 0002B6D0 00 00 2F 01 01 00 06 00 69 B2 00 00 B5 1D 00 00 ../.....i....... 0002B6E0 06 00 6C C9 00 00 B5 1D 00 00 06 00 76 91 00 00 ..l.........v... 0002B6F0 FA B2 00 ... [INFO ][2023-07-21 22:10:22,373] _scanDataPart() :: Result: 178061-178086 (25b minChunk:16 X) 0002B78D 9E 00 00 FA B2 00 00 06 00 13 CD 00 00 B5 1D 00 ................ 0002B79D 00 06 00 63 B2 00 00 B5 1D ...c..... [INFO ][2023-07-21 22:10:22,375] _scanDataPart() :: Result: 178137-178163 (26b minChunk:16 X) 0002B7D9 00 06 00 73 DB 00 00 FA B2 00 00 12 00 74 F1 00 ...s.........t.. 0002B7E9 00 9B F5 00 00 06 00 6F F0 00 .......o.. [INFO ][2023-07-21 22:10:22,380] _scanDataPart() :: Result: 178418-178470 (52 bytes) 0002B8F2 06 00 99 C1 00 00 B5 1D 00 00 06 00 54 C9 00 00 ............T... 0002B902 B5 1D 00 00 06 00 2C C2 00 00 FA B2 00 00 06 00 ......,......... 0002B912 F1 C1 00 00 B5 1D 00 00 0A 00 48 C2 00 00 E5 F8 ..........H..... 0002B922 00 00 06 00 .... [INFO ][2023-07-21 22:10:22,390] _scanDataPart() :: Result: 178930-178955 (25b minChunk:16 X) 0002BAF2 27 CC 00 00 FA B2 00 00 06 00 9C 05 00 00 CC 2D '..............- 0002BB02 00 00 0A 00 E2 AE 00 00 E5 ......... [INFO ][2023-07-21 22:10:22,390] _scanDataPart() :: Result: 178955-178981 (26b minChunk:16 X) 0002BB0B F8 00 00 0A 00 37 94 00 00 E5 F8 00 00 06 00 A6 .....7.......... 0002BB1B 09 01 00 B5 1D 00 00 06 00 7C .........| [INFO ][2023-07-21 22:10:22,397] _scanDataPart() :: Result: 179414-179440 (26b minChunk:16 X) 0002BCD6 B5 1D 00 00 06 00 E4 B5 00 00 FA B2 00 00 06 00 ................ 0002BCE6 55 CB 00 00 FA B2 00 00 06 00 U......... [INFO ][2023-07-21 22:10:22,399] _scanDataPart() :: Result: 179440-179465 (25b minChunk:16 X) 0002BCF0 5E C1 00 00 B5 1D 00 00 06 00 A0 A2 00 00 2F 01 ^............./. 0002BD00 01 00 06 00 F1 EE 00 00 14 ......... [INFO ][2023-07-21 22:10:22,399] _scanDataPart() :: Result: 179465-179491 (26b minChunk:16 X) 0002BD09 DE 00 00 06 00 11 84 00 00 FA B2 00 00 06 00 8E ................ 0002BD19 C9 00 00 2B 07 01 00 06 00 67 ...+.....g [INFO ][2023-07-21 22:10:22,404] _scanDataPart() :: Result: 179618-179644 (26b minChunk:16 X) 0002BDA2 06 00 64 0D 00 00 FA B2 00 00 06 00 4E E2 00 00 ..d.........N... 0002BDB2 C7 BC 00 00 06 00 43 AA 00 00 ......C... [INFO ][2023-07-21 22:10:22,406] _scanDataPart() :: Result: 179644-179670 (26b minChunk:16 X) 0002BDBC B5 1D 00 00 06 00 3B 9A 00 00 8F E3 00 00 12 00 ......;......... 0002BDCC CD E0 00 00 E1 BA 00 00 12 00 .......... [INFO ][2023-07-21 22:10:22,406] _scanDataPart() :: Result: 179670-179696 (26b minChunk:16 X) 0002BDD6 B0 BE 00 00 E1 BA 00 00 12 00 E6 BE 00 00 E1 BA ................ 0002BDE6 00 00 06 00 DA 10 00 00 FA B2 .......... [INFO ][2023-07-21 22:10:22,415] _scanDataPart() :: Result: 179823-179849 (26b minChunk:16 X) 0002BE6F 00 C2 C3 00 00 1E 00 27 C9 00 00 C2 C3 00 00 06 .......'........ 0002BE7F 00 57 AD 00 00 FA B2 00 00 0A .W........ [INFO ][2023-07-21 22:10:22,417] _scanDataPart() :: Result: 179874-179900 (26b minChunk:16 X) 0002BEA2 4C B1 00 00 06 00 B4 C4 00 00 B5 1D 00 00 06 00 L............... 0002BEB2 90 00 01 00 57 EC 00 00 1A 00 ....W..... [INFO ][2023-07-21 22:10:22,422] _scanDataPart() :: Result: 179900-179951 (51 bytes) 0002BEBC F1 82 00 00 FF B0 00 00 06 00 A8 85 00 00 FA B2 ................ 0002BECC 00 00 06 00 DB C1 00 00 B5 1D 00 00 06 00 1C C2 ................ 0002BEDC 00 00 FA B2 00 00 06 00 83 C2 00 00 C1 0A 01 00 ................ 0002BEEC 06 00 C0 ... [INFO ][2023-07-21 22:10:22,424] _scanDataPart() :: Result: 179951-179976 (25b minChunk:16 X) 0002BEEF C5 00 00 B5 1D 00 00 06 00 4F 0B 01 00 B8 E9 00 .........O...... 0002BEFF 00 12 00 AE BB 00 00 E1 BA ......... [INFO ][2023-07-21 22:10:22,424] _scanDataPart() :: Result: 179976-180002 (26b minChunk:16 X) 0002BF08 00 00 12 00 49 BE 00 00 25 DC 00 00 06 00 9E 98 ....I...%....... 0002BF18 00 00 57 EC 00 00 1A 00 99 C6 ..W....... [INFO ][2023-07-21 22:10:22,425] scan() :: Reducer Result: Time:0 Chunks:65 MatchesAdded:18 MatchesFinal:10 [INFO ][2023-07-21 22:10:31,602] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (386568-455116) [INFO ][2023-07-21 22:10:31,602] scan() :: Reducer Start: ScanSpeed:Normal Iteration:1 MinChunkSize:8 MinMatchSize:16 [INFO ][2023-07-21 22:10:31,602] _printStatus() :: Reducing: 66 chunks done, found 0 matches (18 added) [INFO ][2023-07-21 22:10:31,624] _scanDataPart() :: Result: 390868-390885 (17b minChunk:8 X) 0005F6D4 00 54 6F 55 49 6E 74 31 36 00 52 65 61 64 49 6E .ToUInt16.ReadIn 0005F6E4 74 t [INFO ][2023-07-21 22:10:31,626] _scanDataPart() :: Result: 390885-390901 (16b minChunk:8 X) 0005F6E5 31 36 00 53 48 41 32 35 36 00 58 38 36 00 41 46 16.SHA256.X86.AF [INFO ][2023-07-21 22:10:31,634] _scanDataPart() :: Result: 391772-391789 (17b minChunk:8 X) 0005FA5C 50 45 43 00 47 43 00 50 55 42 4C 49 43 00 55 44 PEC.GC.PUBLIC.UD 0005FA6C 50 P [INFO ][2023-07-21 22:10:31,644] _scanDataPart() :: Result: 392407-392424 (17b minChunk:8 X) 0005FCD7 44 00 50 6C 61 74 66 6F 72 6D 49 44 00 4C 6F 67 D.PlatformID.Log 0005FCE7 69 i [INFO ][2023-07-21 22:10:31,654] _scanDataPart() :: Doubling: minChunkSize: 8 minMatchSize: 16 [INFO ][2023-07-21 22:10:31,656] _scanDataPart() :: Result: 394164-394198 (34 bytes) 000603B4 4B 45 59 5F 49 4E 46 4F 00 53 79 73 74 65 6D 2E KEY_INFO.System. 000603C4 49 4F 00 67 65 74 5F 47 50 4F 00 41 75 64 69 74 IO.get_GPO.Audit 000603D4 50 6F Po [INFO ][2023-07-21 22:10:31,673] _scanDataPart() :: Result: 419351-419368 (17b minChunk:16 X) 00066617 64 65 00 50 61 64 64 69 6E 67 4D 6F 64 65 00 43 de.PaddingMode.C 00066627 69 i [INFO ][2023-07-21 22:10:31,683] _scanDataPart() :: Result: 420272-420289 (17b minChunk:16 X) 000669B0 6E 75 6D 65 72 61 62 6C 65 00 41 73 45 6E 75 6D numerable.AsEnum 000669C0 65 e [INFO ][2023-07-21 22:10:31,683] _scanDataPart() :: Result: 420289-420306 (17b minChunk:16 X) 000669C1 72 61 62 6C 65 00 49 44 69 73 70 6F 73 61 62 6C rable.IDisposabl 000669D1 65 e [INFO ][2023-07-21 22:10:31,700] _scanDataPart() :: Result: 420875-420908 (33b minChunk:16 X) 00066C0B 74 70 75 74 46 69 6C 65 00 6F 75 74 70 75 74 46 tputFile.outputF 00066C1B 69 6C 65 00 46 69 6E 64 4E 65 78 74 46 69 6C 65 ile.FindNextFile 00066C2B 00 . [INFO ][2023-07-21 22:10:31,704] _scanDataPart() :: Result: 420975-421008 (33b minChunk:16 X) 00066C6F 57 69 6E 64 6F 77 73 42 75 69 6C 74 49 6E 52 6F WindowsBuiltInRo 00066C7F 6C 65 00 43 6F 6E 73 6F 6C 65 00 67 65 74 5F 54 le.Console.get_T 00066C8F 69 i [INFO ][2023-07-21 22:10:31,706] _scanDataPart() :: Result: 421042-421075 (33b minChunk:16 X) 00066CB2 77 73 46 69 72 65 77 61 6C 6C 52 75 6C 65 00 41 wsFirewallRule.A 00066CC2 73 72 52 75 6C 65 00 50 72 6F 63 65 73 73 4D 6F srRule.ProcessMo 00066CD2 64 d [INFO ][2023-07-21 22:10:31,707] _scanDataPart() :: Result: 421075-421092 (17b minChunk:16 X) 00066CD3 75 6C 65 00 72 75 6C 65 00 67 65 74 5F 47 50 4F ule.rule.get_GPO 00066CE3 4E N [INFO ][2023-07-21 22:10:31,721] _scanDataPart() :: Result: 425309-425326 (17b minChunk:16 X) 00067D5D 00 67 65 74 5F 50 72 6F 70 65 72 74 79 54 79 70 .get_PropertyTyp 00067D6D 65 e [INFO ][2023-07-21 22:10:31,723] _scanDataPart() :: Result: 425326-425359 (33b minChunk:16 X) 00067D6E 00 74 79 70 65 00 46 69 6C 65 53 68 61 72 65 00 .type.FileShare. 00067D7E 73 68 61 72 65 00 43 6F 6D 70 61 72 65 00 53 65 share.Compare.Se 00067D8E 74 t [INFO ][2023-07-21 22:10:31,734] _scanDataPart() :: Result: 427719-427736 (17b minChunk:16 X) 000686C7 78 65 00 70 72 6F 64 75 63 74 45 78 65 00 53 65 xe.productExe.Se 000686D7 61 a [INFO ][2023-07-21 22:10:31,736] _scanDataPart() :: Result: 427736-427769 (33b minChunk:16 X) 000686D8 74 62 65 6C 74 2E 65 78 65 00 67 65 74 5F 53 69 tbelt.exe.get_Si 000686E8 7A 65 00 73 65 74 5F 53 69 7A 65 00 43 72 65 64 ze.set_Size.Cred 000686F8 65 e [INFO ][2023-07-21 22:10:31,744] _scanDataPart() :: Result: 429075-429108 (33b minChunk:16 X) 00068C13 47 65 74 53 74 72 69 6E 67 00 50 61 72 73 65 4D GetString.ParseM 00068C23 72 75 53 74 72 69 6E 67 00 53 75 62 73 74 72 69 ruString.Substri 00068C33 6E n [INFO ][2023-07-21 22:10:31,758] _scanDataPart() :: Result: 429476-429509 (33b minChunk:16 X) 00068DA4 63 68 00 6D 61 74 63 68 00 53 74 6F 70 77 61 74 ch.match.Stopwat 00068DB4 63 68 00 6E 46 69 6C 65 53 69 7A 65 48 69 67 68 ch.nFileSizeHigh 00068DC4 00 . [INFO ][2023-07-21 22:10:31,763] _scanDataPart() :: Result: 429643-429660 (17b minChunk:16 X) 00068E4B 75 74 6F 46 6C 75 73 68 00 4D 61 74 68 00 50 61 utoFlush.Math.Pa 00068E5B 72 r [INFO ][2023-07-21 22:10:31,769] _scanDataPart() :: Result: 430146-430179 (33b minChunk:16 X) 00069042 74 68 00 62 69 6E 61 72 79 50 61 74 68 00 3C 3E th.binaryPath.<> 00069052 33 5F 5F 70 61 74 68 00 73 63 72 69 70 74 5F 70 3__path.script_p 00069062 61 a [INFO ][2023-07-21 22:10:31,781] _scanDataPart() :: Result: 432204-432221 (17b minChunk:16 X) 0006984C 75 72 6C 00 46 69 6C 65 53 74 72 65 61 6D 00 67 url.FileStream.g 0006985C 65 e [INFO ][2023-07-21 22:10:31,784] _scanDataPart() :: Result: 432221-432254 (33b minChunk:16 X) 0006985D 74 5F 45 6E 64 4F 66 53 74 72 65 61 6D 00 4D 65 t_EndOfStream.Me 0006986D 6D 6F 72 79 53 74 72 65 61 6D 00 5F 73 74 72 65 moryStream._stre 0006987D 61 a [INFO ][2023-07-21 22:10:31,789] _scanDataPart() :: Result: 432355-432388 (33b minChunk:16 X) 000698E3 6C 74 49 74 65 6D 00 76 61 75 6C 74 49 74 65 6D ltItem.vaultItem 000698F3 00 69 74 65 6D 00 4F 70 65 72 61 74 69 6E 67 53 .item.OperatingS 00069903 79 y [INFO ][2023-07-21 22:10:34,778] _scanDataPart() :: Result: 432388-432422 (34 bytes) 00069904 73 74 65 6D 00 53 79 6D 6D 65 74 72 69 63 41 6C stem.SymmetricAl 00069914 67 6F 72 69 74 68 6D 00 41 73 79 6D 6D 65 74 72 gorithm.Asymmetr 00069924 69 63 ic [INFO ][2023-07-21 22:10:34,779] _printStatus() :: Reducing: 199 chunks done, found 17 matches (42 added) [INFO ][2023-07-21 22:10:34,781] _scanDataPart() :: Doubling: minChunkSize: 16 minMatchSize: 32 [INFO ][2023-07-21 22:10:34,781] _scanDataPart() :: Result: 432422-432455 (33b minChunk:32 X) 00069926 41 6C 67 6F 72 69 74 68 6D 00 53 69 67 6E 61 74 Algorithm.Signat 00069936 75 72 65 41 6C 67 6F 72 69 74 68 6D 00 67 65 74 ureAlgorithm.get 00069946 5F _ [INFO ][2023-07-21 22:10:38,570] _printStatus() :: Reducing: 203 chunks done, found 17 matches (43 added) [INFO ][2023-07-21 22:10:38,570] _scanDataPart() :: Result: 432489-432522 (33b minChunk:32 X) 00069969 53 79 73 6D 6F 6E 48 61 73 68 41 6C 67 6F 72 69 SysmonHashAlgori 00069979 74 68 6D 00 54 72 69 6D 00 67 65 74 5F 44 65 6C thm.Trim.get_Del 00069989 65 e [INFO ][2023-07-21 22:10:42,440] _printStatus() :: Reducing: 205 chunks done, found 18 matches (44 added) [INFO ][2023-07-21 22:10:42,440] _scanDataPart() :: Result: 432589-432623 (34b minChunk:32 X) 000699CD 6F 72 6D 00 47 65 74 42 69 6E 61 72 79 46 6F 72 orm.GetBinaryFor 000699DD 6D 00 49 43 72 79 70 74 6F 54 72 61 6E 73 66 6F m.ICryptoTransfo 000699ED 72 6D rm [INFO ][2023-07-21 22:10:46,195] _printStatus() :: Reducing: 213 chunks done, found 19 matches (45 added) [INFO ][2023-07-21 22:10:46,195] _scanDataPart() :: Result: 436136-436170 (34b minChunk:32 X) 0006A7A8 74 69 6F 6E 00 4E 6F 74 49 6D 70 6C 65 6D 65 6E tion.NotImplemen 0006A7B8 74 65 64 45 78 63 65 70 74 69 6F 6E 00 50 6C 61 tedException.Pla 0006A7C8 74 66 tf [INFO ][2023-07-21 22:10:50,000] _printStatus() :: Reducing: 215 chunks done, found 20 matches (46 added) [INFO ][2023-07-21 22:10:50,000] _scanDataPart() :: Result: 436170-436203 (33b minChunk:32 X) 0006A7CA 6F 72 6D 4E 6F 74 53 75 70 70 6F 72 74 65 64 45 ormNotSupportedE 0006A7DA 78 63 65 70 74 69 6F 6E 00 46 69 6C 65 4E 6F 74 xception.FileNot 0006A7EA 46 F [INFO ][2023-07-21 22:10:53,806] _printStatus() :: Reducing: 220 chunks done, found 20 matches (47 added) [INFO ][2023-07-21 22:10:53,806] _scanDataPart() :: Result: 436672-436706 (34b minChunk:32 X) 0006A9C0 65 73 6F 6C 75 74 69 6F 6E 00 53 79 73 74 65 6D esolution.System 0006A9D0 2E 44 61 74 61 2E 43 6F 6D 6D 6F 6E 00 53 74 72 .Data.Common.Str 0006A9E0 69 6E in [INFO ][2023-07-21 22:10:57,600] _printStatus() :: Reducing: 222 chunks done, found 21 matches (48 added) [INFO ][2023-07-21 22:10:57,600] _scanDataPart() :: Result: 436706-436739 (33b minChunk:32 X) 0006A9E2 67 43 6F 6D 70 61 72 69 73 6F 6E 00 5F 6A 73 6F gComparison._jso 0006A9F2 6E 00 55 70 6E 00 70 61 74 74 65 72 6E 00 44 6F n.Upn.pattern.Do 0006AA02 77 w [INFO ][2023-07-21 22:11:01,523] _printStatus() :: Reducing: 225 chunks done, found 21 matches (49 added) [INFO ][2023-07-21 22:11:01,523] _scanDataPart() :: Result: 436806-436840 (34b minChunk:32 X) 0006AA46 49 6E 66 6F 00 70 70 50 61 63 6B 61 67 65 49 6E Info.ppPackageIn 0006AA56 66 6F 00 43 72 65 64 65 6E 74 69 61 6C 46 69 6C fo.CredentialFil 0006AA66 65 49 eI [INFO ][2023-07-21 22:11:05,224] _printStatus() :: Reducing: 227 chunks done, found 22 matches (50 added) [INFO ][2023-07-21 22:11:05,224] _scanDataPart() :: Result: 436840-436873 (33b minChunk:32 X) 0006AA68 6E 66 6F 00 50 72 6F 66 69 6C 65 49 6E 66 6F 00 nfo.ProfileInfo. 0006AA78 47 65 74 4E 61 6D 65 49 6E 66 6F 00 43 75 6C 74 GetNameInfo.Cult 0006AA88 75 u [INFO ][2023-07-21 22:11:05,233] _scanDataPart() :: Result: 436907-436940 (33b minChunk:32 X) 0006AAAB 74 5F 43 72 65 64 65 6E 74 69 61 6C 49 6E 66 6F t_CredentialInfo 0006AABB 00 46 69 6C 65 53 79 73 74 65 6D 49 6E 66 6F 00 .FileSystemInfo. 0006AACB 70 p [INFO ][2023-07-21 22:11:05,234] _scanDataPart() :: Result: 436940-436974 (34b minChunk:32 X) 0006AACC 70 4A 6F 69 6E 49 6E 66 6F 00 67 65 74 5F 46 69 pJoinInfo.get_Fi 0006AADC 6C 65 56 65 72 73 69 6F 6E 49 6E 66 6F 00 47 65 leVersionInfo.Ge 0006AAEC 74 56 tV [INFO ][2023-07-21 22:11:05,252] _scanDataPart() :: Result: 438112-438145 (33b minChunk:32 X) 0006AF60 61 6D 52 65 61 64 65 72 00 54 65 78 74 52 65 61 amReader.TextRea 0006AF70 64 65 72 00 42 69 6E 61 72 79 52 65 61 64 65 72 der.BinaryReader 0006AF80 00 . [INFO ][2023-07-21 22:11:05,253] _scanDataPart() :: Result: 438145-438179 (34b minChunk:32 X) 0006AF81 4F 6E 65 44 72 69 76 65 53 79 6E 63 50 72 6F 76 OneDriveSyncProv 0006AF91 69 64 65 72 00 53 48 41 31 43 72 79 70 74 6F 53 ider.SHA1CryptoS 0006AFA1 65 72 er [INFO ][2023-07-21 22:11:09,079] _printStatus() :: Reducing: 251 chunks done, found 24 matches (55 added) [INFO ][2023-07-21 22:11:09,079] _scanDataPart() :: Result: 439050-439083 (33b minChunk:32 X) 0006B30A 73 65 72 00 67 65 74 5F 4E 6F 74 41 66 74 65 72 ser.get_NotAfter 0006B31A 00 53 74 72 65 61 6D 57 72 69 74 65 72 00 5F 73 .StreamWriter._s 0006B32A 74 t [INFO ][2023-07-21 22:11:12,987] _printStatus() :: Reducing: 253 chunks done, found 25 matches (56 added) [INFO ][2023-07-21 22:11:12,987] _scanDataPart() :: Result: 439116-439149 (33b minChunk:32 X) 0006B34C 69 74 65 72 00 43 6F 6E 73 6F 6C 65 54 65 78 74 iter.ConsoleText 0006B35C 57 72 69 74 65 72 00 5F 74 65 78 74 57 72 69 74 Writer._textWrit 0006B36C 65 e [INFO ][2023-07-21 22:11:12,991] _scanDataPart() :: Result: 439250-439283 (33b minChunk:32 X) 0006B3D2 42 69 74 43 6F 6E 76 65 72 74 65 72 00 57 4D 49 BitConverter.WMI 0006B3E2 46 6F 72 6D 61 74 74 65 72 00 4C 41 50 53 46 6F Formatter.LAPSFo 0006B3F2 72 r [INFO ][2023-07-21 22:11:13,005] _scanDataPart() :: Result: 442463-442496 (33b minChunk:32 X) 0006C05F 74 45 6E 75 6D 65 72 61 74 6F 72 00 49 44 69 63 tEnumerator.IDic 0006C06F 74 69 6F 6E 61 72 79 45 6E 75 6D 65 72 61 74 6F tionaryEnumerato 0006C07F 72 r [INFO ][2023-07-21 22:11:13,006] _scanDataPart() :: Result: 442496-442530 (34b minChunk:32 X) 0006C080 00 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 41 .Administrator.A 0006C090 63 74 69 76 61 74 6F 72 00 2E 63 74 6F 72 00 2E ctivator..ctor.. 0006C0A0 63 63 cc [INFO ][2023-07-21 22:11:13,016] _scanDataPart() :: Result: 445007-445040 (33b minChunk:32 X) 0006CA4F 64 41 74 74 72 69 62 75 74 65 73 00 64 77 46 69 dAttributes.dwFi 0006CA5F 6C 65 41 74 74 72 69 62 75 74 65 73 00 46 69 6C leAttributes.Fil 0006CA6F 65 e [INFO ][2023-07-21 22:11:13,025] _scanDataPart() :: Result: 445977-446011 (34b minChunk:32 X) 0006CE19 4E 75 6D 41 72 67 73 00 43 6F 6D 6D 61 6E 64 4C NumArgs.CommandL 0006CE29 69 6E 65 54 6F 41 72 67 73 00 52 65 73 6F 6C 76 ineToArgs.Resolv 0006CE39 65 45 eE [INFO ][2023-07-21 22:11:13,032] _scanDataPart() :: Result: 446011-446044 (33b minChunk:32 X) 0006CE3B 76 65 6E 74 41 72 67 73 00 3C 3E 33 5F 5F 61 72 ventArgs.<>3__ar 0006CE4B 67 73 00 3C 3E 34 5F 5F 74 68 69 73 00 4D 69 63 gs.<>4__this.Mic 0006CE5B 72 r [INFO ][2023-07-21 22:11:13,046] _scanDataPart() :: Result: 447082-447115 (33b minChunk:32 X) 0006D26A 65 63 74 69 6F 6E 73 00 67 65 74 5F 43 6F 6E 6E ections.get_Conn 0006D27A 65 63 74 69 6F 6E 73 00 73 65 74 5F 43 6F 6E 6E ections.set_Conn 0006D28A 65 e [INFO ][2023-07-21 22:11:13,051] _scanDataPart() :: Result: 447350-447383 (33b minChunk:32 X) 0006D376 6E 73 00 53 74 72 69 6E 67 53 70 6C 69 74 4F 70 ns.StringSplitOp 0006D386 74 69 6F 6E 73 00 53 65 61 74 62 65 6C 74 4F 70 tions.SeatbeltOp 0006D396 74 t [INFO ][2023-07-21 22:11:13,057] _scanDataPart() :: Doubling: minChunkSize: 32 minMatchSize: 64 [INFO ][2023-07-21 22:11:13,059] _scanDataPart() :: Result: 448086-448153 (67b minChunk:64 X) 0006D656 73 00 44 65 73 69 72 65 64 41 63 63 65 73 73 00 s.DesiredAccess. 0006D666 70 64 77 47 72 61 6E 74 65 64 41 63 63 65 73 73 pdwGrantedAccess 0006D676 00 46 69 6C 65 41 63 63 65 73 73 00 41 6C 6C 41 .FileAccess.AllA 0006D686 63 63 65 73 73 00 50 6C 75 67 69 6E 41 63 63 65 ccess.PluginAcce 0006D696 73 73 00 ss. [INFO ][2023-07-21 22:11:13,064] _scanDataPart() :: Result: 448354-448421 (67b minChunk:64 X) 0006D762 4E 74 51 75 65 72 79 49 6E 66 6F 72 6D 61 74 69 NtQueryInformati 0006D772 6F 6E 50 72 6F 63 65 73 73 00 49 50 41 64 64 72 onProcess.IPAddr 0006D782 65 73 73 00 67 65 74 5F 41 64 64 72 65 73 73 00 ess.get_Address. 0006D792 67 65 74 5F 52 65 6D 6F 74 65 41 64 64 72 65 73 get_RemoteAddres 0006D7A2 73 00 72 s.r [INFO ][2023-07-21 22:11:13,067] _scanDataPart() :: Result: 448555-448689 (134 bytes) 0006D82B 49 70 41 64 64 72 65 73 73 00 69 70 41 64 64 72 IpAddress.ipAddr 0006D83B 65 73 73 00 57 54 53 43 6C 69 65 6E 74 41 64 64 ess.WTSClientAdd 0006D84B 72 65 73 73 00 53 65 61 74 62 65 6C 74 2E 43 6F ress.Seatbelt.Co 0006D85B 6D 6D 61 6E 64 73 2E 50 72 6F 64 75 63 74 73 00 mmands.Products. 0006D86B 41 74 74 72 69 62 75 74 65 54 61 72 67 65 74 73 AttributeTargets 0006D87B 00 55 73 65 72 52 69 67 68 74 73 00 52 65 67 69 .UserRights.Regi 0006D88B 73 74 72 79 52 69 67 68 74 73 00 63 55 6E 75 73 stryRights.cUnus 0006D89B 65 64 42 69 74 73 00 56 61 75 6C 74 45 6E 75 6D edBits.VaultEnum 0006D8AB 65 72 61 74 65 56 erateV [INFO ][2023-07-21 22:11:13,078] _scanDataPart() :: Result: 451968-452035 (67b minChunk:64 X) 0006E580 6E 53 61 6E 64 42 6F 78 49 6E 65 72 74 00 43 6F nSandBoxInert.Co 0006E590 6E 76 65 72 74 00 67 65 74 5F 50 6F 72 74 00 73 nvert.get_Port.s 0006E5A0 65 74 5F 50 6F 72 74 00 67 65 74 5F 52 65 6D 6F et_Port.get_Remo 0006E5B0 74 65 50 6F 72 74 00 72 65 6D 6F 74 65 50 6F 72 tePort.remotePor 0006E5C0 74 00 67 t.g [INFO ][2023-07-21 22:11:13,082] _scanDataPart() :: Result: 452236-452303 (67b minChunk:64 X) 0006E68C 73 74 00 5F 64 69 72 4C 69 73 74 00 41 72 72 61 st._dirList.Arra 0006E69C 79 4C 69 73 74 00 50 65 72 73 69 73 74 00 67 65 yList.Persist.ge 0006E6AC 74 5F 48 6F 73 74 00 73 65 74 5F 48 6F 73 74 00 t_Host.set_Host. 0006E6BC 57 72 69 74 65 48 6F 73 74 00 67 65 74 5F 52 65 WriteHost.get_Re 0006E6CC 6D 6F 74 mot [INFO ][2023-07-21 22:11:13,090] _scanDataPart() :: Result: 453307-453374 (67b minChunk:64 X) 0006EABB 72 61 79 00 53 74 72 69 6E 67 54 6F 42 79 74 65 ray.StringToByte 0006EACB 41 72 72 61 79 00 49 6E 69 74 69 61 6C 69 7A 65 Array.Initialize 0006EADB 41 72 72 61 79 00 54 6F 41 72 72 61 79 00 67 65 Array.ToArray.ge 0006EAEB 74 5F 49 73 41 72 72 61 79 00 50 61 72 73 65 43 t_IsArray.ParseC 0006EAFB 6C 61 73 las [INFO ][2023-07-21 22:11:13,096] _scanDataPart() :: Result: 453910-453977 (67b minChunk:64 X) 0006ED16 65 52 65 67 69 73 74 72 79 4B 65 79 00 3C 3E 33 eRegistryKey.<>3 0006ED26 5F 5F 6B 65 79 00 4E 6F 74 69 66 79 00 53 79 73 __key.Notify.Sys 0006ED36 74 65 6D 2E 53 65 63 75 72 69 74 79 2E 43 72 79 tem.Security.Cry 0006ED46 70 74 6F 67 72 61 70 68 79 00 67 65 74 5F 41 73 ptography.get_As 0006ED56 73 65 6D sem [INFO ][2023-07-21 22:11:13,103] _scanDataPart() :: Result: 454513-454580 (67b minChunk:64 X) 0006EF71 79 00 57 54 53 43 6C 69 65 6E 74 44 69 72 65 63 y.WTSClientDirec 0006EF81 74 6F 72 79 00 67 65 74 5F 43 6C 69 65 6E 74 44 tory.get_ClientD 0006EF91 69 72 65 63 74 6F 72 79 00 63 6C 69 65 6E 74 44 irectory.clientD 0006EFA1 69 72 65 63 74 6F 72 79 00 52 6F 6F 74 44 69 72 irectory.RootDir 0006EFB1 65 63 74 ect [INFO ][2023-07-21 22:11:13,108] _scanDataPart() :: Result: 454580-454647 (67b minChunk:64 X) 0006EFB4 6F 72 79 00 67 65 74 5F 48 69 73 74 6F 72 79 00 ory.get_History. 0006EFC4 68 69 73 74 6F 72 79 00 67 65 74 5F 45 6E 74 72 history.get_Entr 0006EFD4 79 00 73 65 74 5F 45 6E 74 72 79 00 57 69 66 69 y.set_Entry.Wifi 0006EFE4 50 72 6F 66 69 6C 65 45 6E 74 72 79 00 41 72 70 ProfileEntry.Arp 0006EFF4 45 6E 74 Ent [INFO ][2023-07-21 22:11:13,108] scan() :: Reducer Result: Time:42 Chunks:336 MatchesAdded:74 MatchesFinal:40 [INFO ][2023-07-21 22:11:13,109] handleFile() :: Result: 50 matches [INFO ][2023-07-21 22:11:13,109] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-07-21 22:11:14,629] save() :: Saving HashCache (62949) [INFO ][2023-07-21 22:11:14,700] verifyFile() :: Perform verification of matches [INFO ][2023-07-21 22:11:14,700] runVerifications() :: Verify 50 matches [INFO ][2023-07-21 22:12:42,017] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-21 22:14:09,111] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-21 22:15:29,647] runVerifications() :: Verification run: 2 FULL ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-21 22:16:50,525] runVerifications() :: Verification run: 3 FULLB ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-21 22:18:06,674] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 10 result: ScanResult.NOT_DETECTED Idx: 11 result: ScanResult.NOT_DETECTED Idx: 12 result: ScanResult.NOT_DETECTED Idx: 13 result: ScanResult.NOT_DETECTED Idx: 14 result: ScanResult.NOT_DETECTED Idx: 15 result: ScanResult.NOT_DETECTED Idx: 16 result: ScanResult.NOT_DETECTED Idx: 17 result: ScanResult.NOT_DETECTED Idx: 18 result: ScanResult.NOT_DETECTED Idx: 19 result: ScanResult.NOT_DETECTED Idx: 20 result: ScanResult.NOT_DETECTED Idx: 21 result: ScanResult.NOT_DETECTED Idx: 22 result: ScanResult.NOT_DETECTED Idx: 23 result: ScanResult.NOT_DETECTED Idx: 24 result: ScanResult.NOT_DETECTED Idx: 25 result: ScanResult.NOT_DETECTED Idx: 26 result: ScanResult.NOT_DETECTED Idx: 27 result: ScanResult.NOT_DETECTED Idx: 28 result: ScanResult.NOT_DETECTED Idx: 29 result: ScanResult.NOT_DETECTED Idx: 30 result: ScanResult.NOT_DETECTED Idx: 31 result: ScanResult.NOT_DETECTED Idx: 32 result: ScanResult.NOT_DETECTED Idx: 33 result: ScanResult.NOT_DETECTED Idx: 34 result: ScanResult.NOT_DETECTED Idx: 35 result: ScanResult.NOT_DETECTED Idx: 36 result: ScanResult.NOT_DETECTED Idx: 37 result: ScanResult.NOT_DETECTED Idx: 38 result: ScanResult.NOT_DETECTED Idx: 39 result: ScanResult.NOT_DETECTED Idx: 40 result: ScanResult.NOT_DETECTED Idx: 41 result: ScanResult.NOT_DETECTED Idx: 42 result: ScanResult.NOT_DETECTED Idx: 43 result: ScanResult.NOT_DETECTED Idx: 44 result: ScanResult.NOT_DETECTED Idx: 45 result: ScanResult.NOT_DETECTED Idx: 46 result: ScanResult.NOT_DETECTED Idx: 47 result: ScanResult.NOT_DETECTED Idx: 48 result: ScanResult.NOT_DETECTED Idx: 49 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 22:19:22,687] runVerifications() :: Verification run: 5 FULL INCREMENTAL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 10 result: ScanResult.NOT_DETECTED Idx: 11 result: ScanResult.NOT_DETECTED Idx: 12 result: ScanResult.NOT_DETECTED Idx: 13 result: ScanResult.NOT_DETECTED Idx: 14 result: ScanResult.NOT_DETECTED Idx: 15 result: ScanResult.NOT_DETECTED Idx: 16 result: ScanResult.NOT_DETECTED Idx: 17 result: ScanResult.NOT_DETECTED Idx: 18 result: ScanResult.NOT_DETECTED Idx: 19 result: ScanResult.NOT_DETECTED Idx: 20 result: ScanResult.NOT_DETECTED Idx: 21 result: ScanResult.NOT_DETECTED Idx: 22 result: ScanResult.NOT_DETECTED Idx: 23 result: ScanResult.NOT_DETECTED Idx: 24 result: ScanResult.NOT_DETECTED Idx: 25 result: ScanResult.NOT_DETECTED Idx: 26 result: ScanResult.NOT_DETECTED Idx: 27 result: ScanResult.NOT_DETECTED Idx: 28 result: ScanResult.NOT_DETECTED Idx: 29 result: ScanResult.NOT_DETECTED Idx: 30 result: ScanResult.NOT_DETECTED Idx: 31 result: ScanResult.NOT_DETECTED Idx: 32 result: ScanResult.NOT_DETECTED Idx: 33 result: ScanResult.NOT_DETECTED Idx: 34 result: ScanResult.NOT_DETECTED Idx: 35 result: ScanResult.NOT_DETECTED Idx: 36 result: ScanResult.NOT_DETECTED Idx: 37 result: ScanResult.NOT_DETECTED Idx: 38 result: ScanResult.NOT_DETECTED Idx: 39 result: ScanResult.NOT_DETECTED Idx: 40 result: ScanResult.NOT_DETECTED Idx: 41 result: ScanResult.NOT_DETECTED Idx: 42 result: ScanResult.NOT_DETECTED Idx: 43 result: ScanResult.NOT_DETECTED Idx: 44 result: ScanResult.NOT_DETECTED Idx: 45 result: ScanResult.NOT_DETECTED Idx: 46 result: ScanResult.NOT_DETECTED Idx: 47 result: ScanResult.NOT_DETECTED Idx: 48 result: ScanResult.NOT_DETECTED Idx: 49 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 22:20:37,045] runVerifications() :: Verification run: 6 FULL DECREMENTAL Idx: 49 result: ScanResult.NOT_DETECTED Idx: 48 result: ScanResult.NOT_DETECTED Idx: 47 result: ScanResult.NOT_DETECTED Idx: 46 result: ScanResult.NOT_DETECTED Idx: 45 result: ScanResult.NOT_DETECTED Idx: 44 result: ScanResult.NOT_DETECTED Idx: 43 result: ScanResult.NOT_DETECTED Idx: 42 result: ScanResult.NOT_DETECTED Idx: 41 result: ScanResult.NOT_DETECTED Idx: 40 result: ScanResult.NOT_DETECTED Idx: 39 result: ScanResult.NOT_DETECTED Idx: 38 result: ScanResult.NOT_DETECTED Idx: 37 result: ScanResult.NOT_DETECTED Idx: 36 result: ScanResult.NOT_DETECTED Idx: 35 result: ScanResult.NOT_DETECTED Idx: 34 result: ScanResult.NOT_DETECTED Idx: 33 result: ScanResult.NOT_DETECTED Idx: 32 result: ScanResult.NOT_DETECTED Idx: 31 result: ScanResult.NOT_DETECTED Idx: 30 result: ScanResult.NOT_DETECTED Idx: 29 result: ScanResult.NOT_DETECTED Idx: 28 result: ScanResult.NOT_DETECTED Idx: 27 result: ScanResult.NOT_DETECTED Idx: 26 result: ScanResult.NOT_DETECTED Idx: 25 result: ScanResult.NOT_DETECTED Idx: 24 result: ScanResult.NOT_DETECTED Idx: 23 result: ScanResult.NOT_DETECTED Idx: 22 result: ScanResult.NOT_DETECTED Idx: 21 result: ScanResult.NOT_DETECTED Idx: 20 result: ScanResult.NOT_DETECTED Idx: 19 result: ScanResult.NOT_DETECTED Idx: 18 result: ScanResult.NOT_DETECTED Idx: 17 result: ScanResult.NOT_DETECTED Idx: 16 result: ScanResult.NOT_DETECTED Idx: 15 result: ScanResult.NOT_DETECTED Idx: 14 result: ScanResult.NOT_DETECTED Idx: 13 result: ScanResult.NOT_DETECTED Idx: 12 result: ScanResult.NOT_DETECTED Idx: 11 result: ScanResult.NOT_DETECTED Idx: 10 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.DETECTED [INFO ][2023-07-21 22:20:37,047] runVerifications() :: Verification run: 7 MIDDLE8 ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 22:20:38,602] runVerifications() :: Verification run: 8 THIRDS4 ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 22:20:38,604] runVerifications() :: Verification run: 9 FULL ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 22:20:38,605] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-07-21 22:20:38,605] augmentFile() :: Perform augmentation of matches [INFO ][2023-07-21 22:20:39,111] getDotNetSections() :: Offset: 7680 [INFO ][2023-07-21 22:20:41,725] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-07-21 22:20:41,726] outflankFile() :: Attempt to outflank the file [INFO ][2023-07-21 22:20:41,726] outflankDotnet() :: Outflank failed with attempted 0 patches [INFO ][2023-07-21 22:20:41,726] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-07-21 22:20:41,727] save() :: Saving HashCache (63255) [INFO ][2023-08-04 18:27:12,971] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-08-04 18:27:12,971] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-08-04 18:27:12,972] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-04 18:27:13,488] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-04 18:27:13,490] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-08-04 18:27:13,490] load() :: Loading HashCache [INFO ][2023-08-04 18:27:13,685] load() :: 77569 hashes loaded [INFO ][2023-08-04 18:27:13,685] save() :: Saving HashCache (77569) [INFO ][2023-08-04 18:27:13,765] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-04 18:27:14,324] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-04 18:27:21,078] init() :: DotnetData entries: 23564 [INFO ][2023-08-04 18:27:21,101] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-08-04 18:27:21,102] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:53:12,811] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-08-06 16:53:12,811] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-08-06 16:53:12,812] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-06 16:53:13,334] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-06 16:53:13,335] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-08-06 16:53:13,335] load() :: Loading HashCache [INFO ][2023-08-06 16:53:13,532] load() :: 77569 hashes loaded [INFO ][2023-08-06 16:53:13,532] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:53:13,611] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 16:53:14,173] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-06 16:53:20,953] init() :: DotnetData entries: 23564 [INFO ][2023-08-06 16:53:20,976] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-08-06 16:53:20,977] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:27:23,890] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-08-06 17:27:23,890] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-08-06 17:27:23,891] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-06 17:27:24,411] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-06 17:27:24,412] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-08-06 17:27:24,412] load() :: Loading HashCache [INFO ][2023-08-06 17:27:24,603] load() :: 77569 hashes loaded [INFO ][2023-08-06 17:27:24,603] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:27:24,679] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 17:27:25,239] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-06 17:27:32,026] init() :: DotnetData entries: 23564 [INFO ][2023-08-06 17:27:32,048] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-08-06 17:27:32,049] save() :: Saving HashCache (77569) [INFO ][2023-09-01 05:26:46,994] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-01 05:26:46,994] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-01 05:26:47,004] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-01 05:26:47,510] getDotNetSections() :: Offset: 7680 [WARNING ][2023-09-01 05:26:47,511] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-01 05:26:47,513] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-01 05:26:47,514] load() :: Loading HashCache [INFO ][2023-09-01 05:26:47,708] load() :: 85943 hashes loaded [INFO ][2023-09-01 05:26:47,708] save() :: Saving HashCache (85943) [INFO ][2023-09-01 05:26:47,790] save() :: Saving HashCache (85943) [INFO ][2023-09-24 19:21:37,039] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-24 19:21:37,039] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-24 19:21:37,041] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-24 19:21:37,042] parseFile() :: FilePe: Parse File [INFO ][2023-09-24 19:21:37,068] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-24 19:21:37,069] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-24 19:21:37,069] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-24 19:21:37,069] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-24 19:21:37,546] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-24 19:21:38,173] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-24 19:21:38,174] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-24 19:21:38,175] load() :: Loading HashCache [INFO ][2023-09-24 19:21:38,375] load() :: 101712 hashes loaded [INFO ][2023-09-24 19:21:38,375] save() :: Saving HashCache (101712) [INFO ][2023-09-24 19:21:38,471] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-24 19:21:45,022] init() :: DotnetData entries: 23564 [INFO ][2023-09-24 19:21:45,044] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-24 19:21:45,045] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:14:54,578] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-25 18:14:54,578] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-25 18:14:54,579] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-25 18:14:54,579] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:14:54,604] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:14:54,604] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:14:54,604] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-25 18:14:54,605] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-25 18:14:55,077] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-25 18:14:55,642] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-25 18:14:55,644] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-25 18:14:55,644] load() :: Loading HashCache [INFO ][2023-09-25 18:14:55,872] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:14:55,872] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:14:55,969] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:15:02,872] init() :: DotnetData entries: 23564 [INFO ][2023-09-25 18:15:02,894] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-25 18:15:02,895] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:21:56,345] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-25 18:21:56,345] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-25 18:21:56,346] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-25 18:21:56,347] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:21:56,371] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:21:56,372] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:21:56,372] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-25 18:21:56,372] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-25 18:21:56,840] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-25 18:21:57,396] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-25 18:21:57,397] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-25 18:21:57,398] load() :: Loading HashCache [INFO ][2023-09-25 18:21:57,623] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:21:57,623] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:21:57,721] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:22:04,542] init() :: DotnetData entries: 23564 [INFO ][2023-09-25 18:22:04,564] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-25 18:22:04,564] save() :: Saving HashCache (101712) [INFO ][2023-09-29 10:07:29,457] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-29 10:07:29,458] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-29 10:07:29,459] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-29 10:07:29,459] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 10:07:29,484] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 10:07:29,484] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 10:07:29,485] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-29 10:07:29,485] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-29 10:07:29,957] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-29 10:07:29,958] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-29 10:07:29,959] load() :: Loading HashCache [INFO ][2023-09-29 10:07:30,184] load() :: 102070 hashes loaded [INFO ][2023-09-29 10:07:30,185] save() :: Saving HashCache (102070) [INFO ][2023-09-29 10:07:30,279] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 10:07:37,156] init() :: DotnetData entries: 23564 [INFO ][2023-09-29 10:07:37,178] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-29 10:07:37,178] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:12:02,852] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-29 12:12:02,853] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-29 12:12:02,854] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-29 12:12:02,854] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 12:12:02,879] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 12:12:02,879] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-29 12:12:02,879] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 12:12:02,880] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 12:12:02,880] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 12:12:02,880] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-29 12:12:02,880] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-29 12:12:03,355] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-29 12:12:03,357] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-29 12:12:03,358] load() :: Loading HashCache [INFO ][2023-09-29 12:12:03,582] load() :: 102070 hashes loaded [INFO ][2023-09-29 12:12:03,582] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:12:03,679] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 12:12:10,565] init() :: DotnetData entries: 23564 [INFO ][2023-09-29 12:12:10,587] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-29 12:12:10,588] save() :: Saving HashCache (102070) [INFO ][2023-09-30 10:32:57,593] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-30 10:32:57,594] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe [INFO ][2023-09-30 10:32:57,595] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-30 10:32:57,595] parseFile() :: FilePe: Parse File [INFO ][2023-09-30 10:32:57,620] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-30 10:32:57,620] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-30 10:32:57,620] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-30 10:32:57,620] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-30 10:32:57,620] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-30 10:32:57,620] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-30 10:32:57,620] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-30 10:32:57,621] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-30 10:32:57,621] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-30 10:32:57,621] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-30 10:32:57,621] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-30 10:32:57,621] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-30 10:32:57,621] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-30 10:32:57,621] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-30 10:32:58,096] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-30 10:32:58,097] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-30 10:32:58,098] load() :: Loading HashCache [INFO ][2023-09-30 10:32:58,324] load() :: 102072 hashes loaded [INFO ][2023-09-30 10:32:58,324] save() :: Saving HashCache (102072) [INFO ][2023-09-30 10:32:58,424] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-30 10:33:05,311] init() :: DotnetData entries: 23564 [INFO ][2023-09-30 10:33:05,333] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-30 10:33:05,333] save() :: Saving HashCache (102072)