[INFO ][2023-07-07 17:33:13,873] main() :: Using file: app/upload/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-07-07 17:33:13,873] handleFile() :: Handle file: app/upload/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-07-07 17:33:13,874] handleFile() :: Using parser for file type DOTNET
[INFO ][2023-07-07 17:33:14,170] getDotNetSections() :: Offset: 7680
[INFO ][2023-07-07 17:33:14,171] load() :: Loading HashCache
[INFO ][2023-07-07 17:33:14,194] load() :: 28593 hashes loaded
[INFO ][2023-07-07 17:33:19,347] handleFile() :: QuickCheck: 945ACE2428D95A13.Rubeus.exe.avg.exe is detected by avg and not hash based
[INFO ][2023-07-07 17:33:19,348] handleFile() :: Scanning for matches...
[INFO ][2023-07-07 17:33:19,348] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO ][2023-07-07 17:33:21,020] findDetectedSections() :: Hide: .rsrc -> Detected: True
[INFO ][2023-07-07 17:33:22,746] findDetectedSections() :: Hide: .reloc -> Detected: True
[INFO ][2023-07-07 17:33:24,085] findDetectedSections() :: Hide: methods -> Detected: True
[INFO ][2023-07-07 17:33:24,794] findDetectedSections() :: Hide: #~ -> Detected: False
[INFO ][2023-07-07 17:33:25,725] findDetectedSections() :: Hide: #Strings -> Detected: False
[INFO ][2023-07-07 17:33:27,298] findDetectedSections() :: Hide: #US -> Detected: True
[INFO ][2023-07-07 17:33:29,001] findDetectedSections() :: Hide: #GUID -> Detected: True
[INFO ][2023-07-07 17:33:30,639] findDetectedSections() :: Hide: #Blob -> Detected: True
[INFO ][2023-07-07 17:33:30,639] scanForMatchesInPe() :: 2 section(s) trigger the antivirus independantly
[INFO ][2023-07-07 17:33:30,639] scanForMatchesInPe() :: section: #~
[INFO ][2023-07-07 17:33:30,639] scanForMatchesInPe() :: section: #Strings
[INFO ][2023-07-07 17:33:30,639] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (166296-257392)
[INFO ][2023-07-07 17:33:30,639] scan() :: Reducer Start: ScanSpeed:ScanSpeed.Normal Iteration:0
[INFO ][2023-07-07 17:33:30,639] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:33:33,070] _printStatus() :: Reducing: 2 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:33:35,646] _printStatus() :: Reducing: 3 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:33:38,285] _printStatus() :: Reducing: 4 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:33:40,928] _printStatus() :: Reducing: 5 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:33:43,700] _printStatus() :: Reducing: 6 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:33:45,740] _printStatus() :: Reducing: 7 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:33:47,812] _printStatus() :: Reducing: 8 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:33:49,872] _printStatus() :: Reducing: 9 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:33:51,920] _printStatus() :: Reducing: 10 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:33:54,610] _printStatus() :: Reducing: 11 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:33:57,369] _printStatus() :: Reducing: 12 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:33:59,442] _printStatus() :: Reducing: 13 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:34:01,488] _printStatus() :: Reducing: 14 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:34:04,269] _printStatus() :: Reducing: 15 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:34:07,021] _printStatus() :: Reducing: 16 chunks done, found 0 matches (0 added)
[INFO ][2023-07-07 17:34:07,022] _scanDataPart() :: Result: 166304-166307 (3 bytes)
000289A0 57 FF A2 W..
[INFO ][2023-07-07 17:34:09,752] _printStatus() :: Reducing: 18 chunks done, found 1 matches (1 added)
[INFO ][2023-07-07 17:34:09,752] _scanDataPart() :: Result: 166307-166312 (5 bytes)
000289A3 3F 09 1E 00 00 ?....
[INFO ][2023-07-07 17:34:11,827] _printStatus() :: Reducing: 20 chunks done, found 1 matches (2 added)
[INFO ][2023-07-07 17:34:13,871] _scanDataPart() :: Result: 166318-166329 (11 bytes)
000289AE 00 00 01 00 00 00 F7 00 00 00 67 ..........g
[INFO ][2023-07-07 17:34:13,871] _printStatus() :: Reducing: 21 chunks done, found 2 matches (3 added)
[INFO ][2023-07-07 17:34:15,850] _scanDataPart() :: Result: 166329-166340 (11 bytes)
000289B9 01 00 00 A4 06 00 00 22 08 00 00 ......."...
[INFO ][2023-07-07 17:34:18,503] _printStatus() :: Reducing: 23 chunks done, found 2 matches (4 added)
[INFO ][2023-07-07 17:34:21,293] _printStatus() :: Reducing: 24 chunks done, found 2 matches (4 added)
[INFO ][2023-07-07 17:34:23,369] _printStatus() :: Reducing: 25 chunks done, found 2 matches (4 added)
[INFO ][2023-07-07 17:34:25,467] _printStatus() :: Reducing: 26 chunks done, found 2 matches (4 added)
[INFO ][2023-07-07 17:34:28,217] _printStatus() :: Reducing: 27 chunks done, found 2 matches (4 added)
[INFO ][2023-07-07 17:34:30,992] _printStatus() :: Reducing: 28 chunks done, found 2 matches (4 added)
[INFO ][2023-07-07 17:34:30,992] _scanDataPart() :: Result: 166570-166573 (3 bytes)
00028AAA B0 87 B7 ...
[INFO ][2023-07-07 17:34:33,703] _printStatus() :: Reducing: 30 chunks done, found 3 matches (5 added)
[INFO ][2023-07-07 17:34:33,703] _scanDataPart() :: Result: 166573-166578 (5 bytes)
00028AAD CA 06 00 8B 07 .....
[INFO ][2023-07-07 17:34:35,784] _printStatus() :: Reducing: 32 chunks done, found 3 matches (6 added)
[INFO ][2023-07-07 17:34:39,109] _printStatus() :: Reducing: 33 chunks done, found 3 matches (6 added)
[INFO ][2023-07-07 17:34:39,110] _scanDataPart() :: Result: 166584-166589 (5 bytes)
00028AB8 8D 87 06 00 5B ....[
[INFO ][2023-07-07 17:34:41,828] _printStatus() :: Reducing: 35 chunks done, found 4 matches (7 added)
[INFO ][2023-07-07 17:34:41,829] _scanDataPart() :: Result: 166592-166595 (3 bytes)
00028AC0 06 00 FE ...
[INFO ][2023-07-07 17:34:43,873] _scanDataPart() :: Result: 166595-166606 (11 bytes)
00028AC3 99 B7 CA 06 00 D6 A1 B7 CA 06 00 ...........
[INFO ][2023-07-07 17:34:43,873] _printStatus() :: Reducing: 37 chunks done, found 5 matches (9 added)
[INFO ][2023-07-07 17:34:45,910] _printStatus() :: Reducing: 38 chunks done, found 5 matches (9 added)
[INFO ][2023-07-07 17:34:48,677] _printStatus() :: Reducing: 39 chunks done, found 5 matches (9 added)
[INFO ][2023-07-07 17:34:51,446] _printStatus() :: Reducing: 40 chunks done, found 5 matches (9 added)
[INFO ][2023-07-07 17:34:54,179] _printStatus() :: Reducing: 41 chunks done, found 5 matches (9 added)
[INFO ][2023-07-07 17:34:56,940] _printStatus() :: Reducing: 42 chunks done, found 5 matches (9 added)
[INFO ][2023-07-07 17:34:59,014] _scanDataPart() :: Result: 166806-166817 (11 bytes)
00028B96 8D 87 06 00 E4 99 B7 CA 06 00 91 ...........
[INFO ][2023-07-07 17:34:59,014] _printStatus() :: Reducing: 43 chunks done, found 6 matches (10 added)
[INFO ][2023-07-07 17:35:01,731] _printStatus() :: Reducing: 44 chunks done, found 6 matches (10 added)
[INFO ][2023-07-07 17:35:04,450] _printStatus() :: Reducing: 45 chunks done, found 6 matches (10 added)
[INFO ][2023-07-07 17:35:07,216] _printStatus() :: Reducing: 46 chunks done, found 6 matches (10 added)
[INFO ][2023-07-07 17:35:09,243] _printStatus() :: Reducing: 47 chunks done, found 6 matches (10 added)
[INFO ][2023-07-07 17:35:11,945] _printStatus() :: Reducing: 48 chunks done, found 6 matches (10 added)
[INFO ][2023-07-07 17:35:13,958] _scanDataPart() :: Result: 166834-166840 (6 bytes)
00028BB2 90 42 B7 CA 16 00 .B....
[INFO ][2023-07-07 17:35:13,959] _printStatus() :: Reducing: 49 chunks done, found 7 matches (11 added)
[INFO ][2023-07-07 17:35:16,710] _printStatus() :: Reducing: 50 chunks done, found 7 matches (11 added)
[INFO ][2023-07-07 17:35:18,772] _scanDataPart() :: Result: 166845-166851 (6 bytes)
00028BBD 00 1F 92 B7 CA 06 ......
[INFO ][2023-07-07 17:35:18,772] _printStatus() :: Reducing: 51 chunks done, found 8 matches (12 added)
[INFO ][2023-07-07 17:35:21,481] _printStatus() :: Reducing: 52 chunks done, found 8 matches (12 added)
[INFO ][2023-07-07 17:35:24,209] _printStatus() :: Reducing: 53 chunks done, found 8 matches (12 added)
[INFO ][2023-07-07 17:35:26,955] _printStatus() :: Reducing: 54 chunks done, found 8 matches (12 added)
[INFO ][2023-07-07 17:35:29,702] _printStatus() :: Reducing: 55 chunks done, found 8 matches (12 added)
[INFO ][2023-07-07 17:35:32,421] _printStatus() :: Reducing: 56 chunks done, found 8 matches (12 added)
[INFO ][2023-07-07 17:35:35,154] _printStatus() :: Reducing: 57 chunks done, found 8 matches (12 added)
[INFO ][2023-07-07 17:35:37,187] _scanDataPart() :: Result: 167307-167318 (11 bytes)
00028D8B 00 B3 17 B7 CA 06 00 3C AF B7 CA .......<...
[INFO ][2023-07-07 17:35:37,187] _printStatus() :: Reducing: 58 chunks done, found 9 matches (13 added)
[INFO ][2023-07-07 17:35:39,951] _printStatus() :: Reducing: 59 chunks done, found 9 matches (13 added)
[INFO ][2023-07-07 17:35:42,668] _printStatus() :: Reducing: 60 chunks done, found 9 matches (13 added)
[INFO ][2023-07-07 17:35:45,429] _printStatus() :: Reducing: 61 chunks done, found 9 matches (13 added)
[INFO ][2023-07-07 17:35:48,181] _printStatus() :: Reducing: 62 chunks done, found 9 matches (13 added)
[INFO ][2023-07-07 17:35:50,929] _printStatus() :: Reducing: 63 chunks done, found 9 matches (13 added)
[INFO ][2023-07-07 17:35:53,677] _printStatus() :: Reducing: 64 chunks done, found 9 matches (13 added)
[INFO ][2023-07-07 17:35:56,419] _printStatus() :: Reducing: 65 chunks done, found 9 matches (13 added)
[INFO ][2023-07-07 17:35:59,101] _printStatus() :: Reducing: 66 chunks done, found 9 matches (13 added)
[INFO ][2023-07-07 17:35:59,101] _scanDataPart() :: Result: 167907-167912 (5 bytes)
00028FE3 00 BA 95 B7 CA .....
[INFO ][2023-07-07 17:35:59,101] scan() :: Reducer Result: Time:148 Chunks:66 MatchesAdded:14 MatchesFinal:10
[INFO ][2023-07-07 17:35:59,101] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (257392-310088)
[INFO ][2023-07-07 17:35:59,101] scan() :: Reducer Start: ScanSpeed:ScanSpeed.Normal Iteration:1
[INFO ][2023-07-07 17:35:59,101] _printStatus() :: Reducing: 67 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:03,082] _printStatus() :: Reducing: 69 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:05,596] _printStatus() :: Reducing: 70 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:08,330] _printStatus() :: Reducing: 71 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:11,062] _printStatus() :: Reducing: 72 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:13,768] _printStatus() :: Reducing: 73 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:16,480] _printStatus() :: Reducing: 74 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:19,259] _printStatus() :: Reducing: 75 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:21,931] _printStatus() :: Reducing: 76 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:24,660] _printStatus() :: Reducing: 77 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:27,419] _printStatus() :: Reducing: 78 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:30,121] _printStatus() :: Reducing: 79 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:32,810] _printStatus() :: Reducing: 80 chunks done, found 0 matches (14 added)
[INFO ][2023-07-07 17:36:34,861] _scanDataPart() :: Result: 263457-263464 (7 bytes)
00040521 41 00 52 53 41 00 5F A.RSA._
[INFO ][2023-07-07 17:36:34,861] _printStatus() :: Reducing: 81 chunks done, found 1 matches (15 added)
[INFO ][2023-07-07 17:36:37,632] _printStatus() :: Reducing: 82 chunks done, found 1 matches (15 added)
[INFO ][2023-07-07 17:36:40,427] _printStatus() :: Reducing: 83 chunks done, found 1 matches (15 added)
[INFO ][2023-07-07 17:36:43,137] _printStatus() :: Reducing: 84 chunks done, found 1 matches (15 added)
[INFO ][2023-07-07 17:36:45,841] _printStatus() :: Reducing: 85 chunks done, found 1 matches (15 added)
[INFO ][2023-07-07 17:36:48,586] _printStatus() :: Reducing: 86 chunks done, found 1 matches (15 added)
[INFO ][2023-07-07 17:36:51,332] _printStatus() :: Reducing: 87 chunks done, found 1 matches (15 added)
[INFO ][2023-07-07 17:36:54,099] _printStatus() :: Reducing: 88 chunks done, found 1 matches (15 added)
[INFO ][2023-07-07 17:36:56,801] _printStatus() :: Reducing: 89 chunks done, found 1 matches (15 added)
[INFO ][2023-07-07 17:36:59,428] _printStatus() :: Reducing: 90 chunks done, found 1 matches (15 added)
[INFO ][2023-07-07 17:37:02,150] _printStatus() :: Reducing: 91 chunks done, found 1 matches (15 added)
[INFO ][2023-07-07 17:37:04,887] _printStatus() :: Reducing: 92 chunks done, found 1 matches (15 added)
[INFO ][2023-07-07 17:37:06,878] _scanDataPart() :: Result: 274430-274437 (7 bytes)
00042FFE 64 00 4F 69 64 00 67 d.Oid.g
[INFO ][2023-07-07 17:37:08,921] _printStatus() :: Reducing: 94 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:10,947] _printStatus() :: Reducing: 95 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:13,672] _printStatus() :: Reducing: 96 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:17,107] _printStatus() :: Reducing: 97 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:19,817] _printStatus() :: Reducing: 98 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:22,541] _printStatus() :: Reducing: 99 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:25,225] _printStatus() :: Reducing: 100 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:27,927] _printStatus() :: Reducing: 101 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:29,987] _printStatus() :: Reducing: 102 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:32,704] _printStatus() :: Reducing: 103 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:35,401] _printStatus() :: Reducing: 104 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:38,144] _printStatus() :: Reducing: 105 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:40,858] _printStatus() :: Reducing: 106 chunks done, found 2 matches (16 added)
[INFO ][2023-07-07 17:37:40,858] _scanDataPart() :: Result: 287594-287598 (4 bytes)
0004636A 52 75 62 65 Rube
[INFO ][2023-07-07 17:37:43,499] _printStatus() :: Reducing: 108 chunks done, found 3 matches (17 added)
[INFO ][2023-07-07 17:37:46,222] _printStatus() :: Reducing: 109 chunks done, found 3 matches (17 added)
[INFO ][2023-07-07 17:37:48,962] _printStatus() :: Reducing: 110 chunks done, found 3 matches (17 added)
[INFO ][2023-07-07 17:37:51,004] _scanDataPart() :: Result: 287598-287604 (6 bytes)
0004636E 75 73 2E 65 78 65 us.exe
[INFO ][2023-07-07 17:37:51,004] _printStatus() :: Reducing: 111 chunks done, found 3 matches (18 added)
[INFO ][2023-07-07 17:37:53,695] _printStatus() :: Reducing: 112 chunks done, found 3 matches (18 added)
[INFO ][2023-07-07 17:37:56,456] _printStatus() :: Reducing: 113 chunks done, found 3 matches (18 added)
[INFO ][2023-07-07 17:37:59,150] _printStatus() :: Reducing: 114 chunks done, found 3 matches (18 added)
[INFO ][2023-07-07 17:38:01,812] _printStatus() :: Reducing: 115 chunks done, found 3 matches (18 added)
[INFO ][2023-07-07 17:38:04,540] _printStatus() :: Reducing: 116 chunks done, found 3 matches (18 added)
[INFO ][2023-07-07 17:38:07,301] _printStatus() :: Reducing: 117 chunks done, found 3 matches (18 added)
[INFO ][2023-07-07 17:38:09,961] _printStatus() :: Reducing: 118 chunks done, found 3 matches (18 added)
[INFO ][2023-07-07 17:38:12,708] _printStatus() :: Reducing: 119 chunks done, found 3 matches (18 added)
[INFO ][2023-07-07 17:38:14,762] _scanDataPart() :: Result: 289528-289534 (6 bytes)
00046AF8 70 74 50 61 74 68 ptPath
[INFO ][2023-07-07 17:38:14,762] _printStatus() :: Reducing: 120 chunks done, found 4 matches (19 added)
[WARNING ][2023-07-07 17:38:14,763] _scanDataPart() :: Doubling minMatchSize to 16
[INFO ][2023-07-07 17:38:16,794] _printStatus() :: Reducing: 121 chunks done, found 4 matches (19 added)
[INFO ][2023-07-07 17:38:19,528] _printStatus() :: Reducing: 122 chunks done, found 4 matches (19 added)
[INFO ][2023-07-07 17:38:22,265] _printStatus() :: Reducing: 123 chunks done, found 4 matches (19 added)
[INFO ][2023-07-07 17:38:25,023] _printStatus() :: Reducing: 124 chunks done, found 4 matches (19 added)
[INFO ][2023-07-07 17:38:27,773] _printStatus() :: Reducing: 125 chunks done, found 4 matches (19 added)
[INFO ][2023-07-07 17:38:30,500] _printStatus() :: Reducing: 126 chunks done, found 4 matches (19 added)
[INFO ][2023-07-07 17:38:33,243] _printStatus() :: Reducing: 127 chunks done, found 4 matches (19 added)
[INFO ][2023-07-07 17:38:35,324] _printStatus() :: Reducing: 128 chunks done, found 4 matches (19 added)
[INFO ][2023-07-07 17:38:37,372] _scanDataPart() :: Result: 292126-292152 (26 bytes)
0004751E 6D 00 41 73 79 6D 6D 65 74 72 69 63 41 6C 67 6F m.AsymmetricAlgo
0004752E 72 69 74 68 6D 00 48 61 73 68 rithm.Hash
[INFO ][2023-07-07 17:38:37,372] _printStatus() :: Reducing: 129 chunks done, found 5 matches (20 added)
[INFO ][2023-07-07 17:38:40,142] _printStatus() :: Reducing: 130 chunks done, found 5 matches (20 added)
[INFO ][2023-07-07 17:38:42,237] _scanDataPart() :: Result: 292152-292165 (13 bytes)
00047538 41 6C 67 6F 72 69 74 68 6D 00 4B 65 79 Algorithm.Key
[INFO ][2023-07-07 17:38:42,237] _printStatus() :: Reducing: 131 chunks done, found 5 matches (21 added)
[INFO ][2023-07-07 17:38:44,247] _printStatus() :: Reducing: 132 chunks done, found 5 matches (21 added)
[INFO ][2023-07-07 17:38:46,912] _printStatus() :: Reducing: 133 chunks done, found 5 matches (21 added)
[INFO ][2023-07-07 17:38:49,678] _printStatus() :: Reducing: 134 chunks done, found 5 matches (21 added)
[INFO ][2023-07-07 17:38:52,356] _printStatus() :: Reducing: 135 chunks done, found 5 matches (21 added)
[INFO ][2023-07-07 17:38:55,086] _printStatus() :: Reducing: 136 chunks done, found 5 matches (21 added)
[INFO ][2023-07-07 17:38:57,192] _printStatus() :: Reducing: 137 chunks done, found 5 matches (21 added)
[INFO ][2023-07-07 17:38:59,918] _printStatus() :: Reducing: 138 chunks done, found 5 matches (21 added)
[INFO ][2023-07-07 17:39:02,666] _printStatus() :: Reducing: 139 chunks done, found 5 matches (21 added)
[INFO ][2023-07-07 17:39:05,504] _printStatus() :: Reducing: 140 chunks done, found 5 matches (21 added)
[INFO ][2023-07-07 17:39:08,186] _printStatus() :: Reducing: 141 chunks done, found 5 matches (21 added)
[INFO ][2023-07-07 17:39:08,186] _scanDataPart() :: Result: 294799-294803 (4 bytes)
00047F8F 43 72 79 70 Cryp
[INFO ][2023-07-07 17:39:10,858] _printStatus() :: Reducing: 143 chunks done, found 6 matches (22 added)
[INFO ][2023-07-07 17:39:12,878] _scanDataPart() :: Result: 294803-294829 (26 bytes)
00047F93 74 6F 67 72 61 70 68 69 63 45 78 63 65 70 74 69 tographicExcepti
00047FA3 6F 6E 00 41 72 69 74 68 6D 65 on.Arithme
[INFO ][2023-07-07 17:39:12,879] _printStatus() :: Reducing: 144 chunks done, found 6 matches (23 added)
[INFO ][2023-07-07 17:39:14,918] _printStatus() :: Reducing: 145 chunks done, found 6 matches (23 added)
[INFO ][2023-07-07 17:39:17,660] _printStatus() :: Reducing: 146 chunks done, found 6 matches (23 added)
[INFO ][2023-07-07 17:39:20,474] _printStatus() :: Reducing: 147 chunks done, found 6 matches (23 added)
[INFO ][2023-07-07 17:39:23,208] _printStatus() :: Reducing: 148 chunks done, found 6 matches (23 added)
[INFO ][2023-07-07 17:39:25,304] _printStatus() :: Reducing: 149 chunks done, found 6 matches (23 added)
[INFO ][2023-07-07 17:39:28,055] _printStatus() :: Reducing: 150 chunks done, found 6 matches (23 added)
[INFO ][2023-07-07 17:39:30,795] _printStatus() :: Reducing: 151 chunks done, found 6 matches (23 added)
[INFO ][2023-07-07 17:39:33,493] _printStatus() :: Reducing: 152 chunks done, found 6 matches (23 added)
[INFO ][2023-07-07 17:39:35,532] _scanDataPart() :: Result: 295722-295729 (7 bytes)
0004832A 43 73 70 4B 65 79 43 CspKeyC
[INFO ][2023-07-07 17:39:35,532] _printStatus() :: Reducing: 153 chunks done, found 7 matches (24 added)
[INFO ][2023-07-07 17:39:38,235] _printStatus() :: Reducing: 154 chunks done, found 7 matches (24 added)
[INFO ][2023-07-07 17:39:40,977] _printStatus() :: Reducing: 155 chunks done, found 7 matches (24 added)
[INFO ][2023-07-07 17:39:43,033] _scanDataPart() :: Result: 295729-295742 (13 bytes)
00048331 6F 6E 74 61 69 6E 65 72 49 6E 66 6F 00 ontainerInfo.
[INFO ][2023-07-07 17:39:43,033] _printStatus() :: Reducing: 156 chunks done, found 7 matches (25 added)
[INFO ][2023-07-07 17:39:45,776] _printStatus() :: Reducing: 157 chunks done, found 7 matches (25 added)
[INFO ][2023-07-07 17:39:48,571] _printStatus() :: Reducing: 158 chunks done, found 7 matches (25 added)
[INFO ][2023-07-07 17:39:50,624] _printStatus() :: Reducing: 159 chunks done, found 7 matches (25 added)
[INFO ][2023-07-07 17:39:53,354] _printStatus() :: Reducing: 160 chunks done, found 7 matches (25 added)
[INFO ][2023-07-07 17:39:56,069] _printStatus() :: Reducing: 161 chunks done, found 7 matches (25 added)
[INFO ][2023-07-07 17:39:58,155] _scanDataPart() :: Result: 296785-296811 (26 bytes)
00048751 65 72 00 53 48 41 31 43 72 79 70 74 6F 53 65 72 er.SHA1CryptoSer
00048761 76 69 63 65 50 72 6F 76 69 64 viceProvid
[INFO ][2023-07-07 17:39:58,155] _printStatus() :: Reducing: 162 chunks done, found 8 matches (26 added)
[INFO ][2023-07-07 17:40:00,914] _printStatus() :: Reducing: 163 chunks done, found 8 matches (26 added)
[INFO ][2023-07-07 17:40:03,025] _printStatus() :: Reducing: 164 chunks done, found 8 matches (26 added)
[INFO ][2023-07-07 17:40:05,017] _scanDataPart() :: Result: 296811-296836 (25 bytes)
0004876B 65 72 00 52 53 41 43 72 79 70 74 6F 53 65 72 76 er.RSACryptoServ
0004877B 69 63 65 50 72 6F 76 69 64 iceProvid
[INFO ][2023-07-07 17:40:07,776] _printStatus() :: Reducing: 166 chunks done, found 8 matches (27 added)
[INFO ][2023-07-07 17:40:10,505] _printStatus() :: Reducing: 167 chunks done, found 8 matches (27 added)
[INFO ][2023-07-07 17:40:13,276] _printStatus() :: Reducing: 168 chunks done, found 8 matches (27 added)
[INFO ][2023-07-07 17:40:13,277] _scanDataPart() :: Result: 296836-296839 (3 bytes)
00048784 65 72 00 er.
[INFO ][2023-07-07 17:40:15,361] _printStatus() :: Reducing: 170 chunks done, found 8 matches (28 added)
[INFO ][2023-07-07 17:40:17,447] _printStatus() :: Reducing: 171 chunks done, found 8 matches (28 added)
[INFO ][2023-07-07 17:40:20,182] _printStatus() :: Reducing: 172 chunks done, found 8 matches (28 added)
[INFO ][2023-07-07 17:40:22,881] _printStatus() :: Reducing: 173 chunks done, found 8 matches (28 added)
[INFO ][2023-07-07 17:40:25,623] _printStatus() :: Reducing: 174 chunks done, found 8 matches (28 added)
[INFO ][2023-07-07 17:40:28,449] _printStatus() :: Reducing: 175 chunks done, found 8 matches (28 added)
[INFO ][2023-07-07 17:40:31,144] _printStatus() :: Reducing: 176 chunks done, found 8 matches (28 added)
[INFO ][2023-07-07 17:40:33,850] _printStatus() :: Reducing: 177 chunks done, found 8 matches (28 added)
[INFO ][2023-07-07 17:40:37,853] _scanDataPart() :: Result: 298816-298842 (26 bytes)
00048F40 72 61 74 6F 72 00 52 61 6E 64 6F 6D 4E 75 6D 62 rator.RandomNumb
00048F50 65 72 47 65 6E 65 72 61 74 6F erGenerato
[INFO ][2023-07-07 17:40:37,853] _printStatus() :: Reducing: 179 chunks done, found 9 matches (29 added)
[INFO ][2023-07-07 17:40:40,557] _printStatus() :: Reducing: 180 chunks done, found 9 matches (29 added)
[WARNING ][2023-07-07 17:40:40,557] _scanDataPart() :: Doubling minMatchSize to 32
[INFO ][2023-07-07 17:40:43,289] _printStatus() :: Reducing: 181 chunks done, found 9 matches (29 added)
[INFO ][2023-07-07 17:40:46,021] _printStatus() :: Reducing: 182 chunks done, found 9 matches (29 added)
[INFO ][2023-07-07 17:40:46,021] _scanDataPart() :: Result: 298842-298845 (3 bytes)
00048F5A 72 00 67 r.g
[INFO ][2023-07-07 17:40:48,759] _printStatus() :: Reducing: 184 chunks done, found 9 matches (30 added)
[INFO ][2023-07-07 17:40:51,484] _printStatus() :: Reducing: 185 chunks done, found 9 matches (30 added)
[INFO ][2023-07-07 17:40:54,235] _printStatus() :: Reducing: 186 chunks done, found 9 matches (30 added)
[INFO ][2023-07-07 17:40:56,991] _printStatus() :: Reducing: 187 chunks done, found 9 matches (30 added)
[INFO ][2023-07-07 17:40:59,761] _printStatus() :: Reducing: 188 chunks done, found 9 matches (30 added)
[INFO ][2023-07-07 17:41:02,508] _printStatus() :: Reducing: 189 chunks done, found 9 matches (30 added)
[INFO ][2023-07-07 17:41:05,218] _printStatus() :: Reducing: 190 chunks done, found 9 matches (30 added)
[INFO ][2023-07-07 17:41:07,933] _printStatus() :: Reducing: 191 chunks done, found 9 matches (30 added)
[INFO ][2023-07-07 17:41:09,950] _scanDataPart() :: Result: 302252-302265 (13 bytes)
00049CAC 52 53 41 50 61 72 61 6D 65 74 65 72 73 RSAParameters
[INFO ][2023-07-07 17:41:09,950] _printStatus() :: Reducing: 192 chunks done, found 10 matches (31 added)
[INFO ][2023-07-07 17:41:12,665] _printStatus() :: Reducing: 193 chunks done, found 10 matches (31 added)
[INFO ][2023-07-07 17:41:15,390] _printStatus() :: Reducing: 194 chunks done, found 10 matches (31 added)
[INFO ][2023-07-07 17:41:18,029] _printStatus() :: Reducing: 195 chunks done, found 10 matches (31 added)
[INFO ][2023-07-07 17:41:20,707] _printStatus() :: Reducing: 196 chunks done, found 10 matches (31 added)
[INFO ][2023-07-07 17:41:23,468] _printStatus() :: Reducing: 197 chunks done, found 10 matches (31 added)
[INFO ][2023-07-07 17:41:26,276] _printStatus() :: Reducing: 198 chunks done, found 10 matches (31 added)
[INFO ][2023-07-07 17:41:28,992] _printStatus() :: Reducing: 199 chunks done, found 10 matches (31 added)
[INFO ][2023-07-07 17:41:31,089] _scanDataPart() :: Result: 309264-309315 (51 bytes)
0004B810 65 70 6B 65 79 00 4F 61 6B 6C 65 79 00 48 61 73 epkey.Oakley.Has
0004B820 4E 6F 74 69 66 79 00 53 79 73 74 65 6D 2E 53 65 Notify.System.Se
0004B830 63 75 72 69 74 79 2E 43 72 79 70 74 6F 67 72 61 curity.Cryptogra
0004B840 70 68 79 phy
[INFO ][2023-07-07 17:41:31,089] scan() :: Reducer Result: Time:332 Chunks:199 MatchesAdded:32 MatchesFinal:11
[INFO ][2023-07-07 17:41:31,090] handleFile() :: Result: 21 matches
[INFO ][2023-07-07 17:41:31,090] saveToFile() :: Saving results to: app/upload/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-07-07 17:41:32,142] save() :: Saving HashCache (28981)
[INFO ][2023-07-07 17:41:32,169] verifyFile() :: Perform verification of matches
[INFO ][2023-07-07 17:41:32,169] runVerifications() :: Verify 21 matches
[INFO ][2023-07-07 17:41:39,357] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_DETECTED
[INFO ][2023-07-07 17:41:46,473] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_DETECTED
[INFO ][2023-07-07 17:42:09,973] runVerifications() :: Verification run: 2 FULL ISOLATED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.DETECTED
result: ScanResult.DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
[INFO ][2023-07-07 17:42:34,192] runVerifications() :: Verification run: 3 FULLB ISOLATED
result: ScanResult.DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.DETECTED
result: ScanResult.DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_DETECTED
[INFO ][2023-07-07 17:42:40,274] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
result: ScanResult.NOT_SCANNED
Idx: 1 result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
Idx: 14 result: ScanResult.NOT_DETECTED
Idx: 15 result: ScanResult.NOT_DETECTED
Idx: 16 result: ScanResult.NOT_DETECTED
Idx: 17 result: ScanResult.NOT_DETECTED
Idx: 18 result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_SCANNED
Idx: 20 result: ScanResult.NOT_DETECTED
[INFO ][2023-07-07 17:43:00,785] runVerifications() :: Verification run: 5 FULL INCREMENTAL
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 1 result: ScanResult.NOT_DETECTED
Idx: 2 result: ScanResult.NOT_DETECTED
Idx: 3 result: ScanResult.NOT_DETECTED
Idx: 4 result: ScanResult.NOT_DETECTED
Idx: 5 result: ScanResult.NOT_DETECTED
Idx: 6 result: ScanResult.NOT_DETECTED
Idx: 7 result: ScanResult.NOT_DETECTED
Idx: 8 result: ScanResult.NOT_DETECTED
Idx: 9 result: ScanResult.NOT_DETECTED
Idx: 10 result: ScanResult.NOT_DETECTED
Idx: 11 result: ScanResult.NOT_DETECTED
Idx: 12 result: ScanResult.NOT_DETECTED
Idx: 13 result: ScanResult.NOT_DETECTED
Idx: 14 result: ScanResult.NOT_DETECTED
Idx: 15 result: ScanResult.NOT_DETECTED
Idx: 16 result: ScanResult.NOT_DETECTED
Idx: 17 result: ScanResult.NOT_DETECTED
Idx: 18 result: ScanResult.NOT_DETECTED
Idx: 19 result: ScanResult.NOT_DETECTED
Idx: 20 result: ScanResult.NOT_DETECTED
[INFO ][2023-07-07 17:43:20,295] runVerifications() :: Verification run: 6 FULL DECREMENTAL
Idx: 20 result: ScanResult.NOT_DETECTED
Idx: 19 result: ScanResult.NOT_DETECTED
Idx: 18 result: ScanResult.NOT_DETECTED
Idx: 17 result: ScanResult.NOT_DETECTED
Idx: 16 result: ScanResult.NOT_DETECTED
Idx: 15 result: ScanResult.NOT_DETECTED
Idx: 14 result: ScanResult.NOT_DETECTED
Idx: 13 result: ScanResult.NOT_DETECTED
Idx: 12 result: ScanResult.NOT_DETECTED
Idx: 11 result: ScanResult.NOT_DETECTED
Idx: 10 result: ScanResult.NOT_DETECTED
Idx: 9 result: ScanResult.NOT_DETECTED
Idx: 8 result: ScanResult.NOT_DETECTED
Idx: 7 result: ScanResult.NOT_DETECTED
Idx: 6 result: ScanResult.NOT_DETECTED
Idx: 5 result: ScanResult.NOT_DETECTED
Idx: 4 result: ScanResult.NOT_DETECTED
Idx: 3 result: ScanResult.NOT_DETECTED
Idx: 2 result: ScanResult.NOT_DETECTED
Idx: 1 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
[INFO ][2023-07-07 17:43:20,296] runVerifications() :: Verification run: 7 MIDDLE8 ALL
Idx: 0 result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_SCANNED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
Idx: 0 result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_SCANNED
[INFO ][2023-07-07 17:43:21,284] runVerifications() :: Verification run: 8 THIRDS4 ALL
Idx: 0 result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_SCANNED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
result: ScanResult.NOT_SCANNED
Idx: 0 result: ScanResult.NOT_DETECTED
result: ScanResult.NOT_SCANNED
[INFO ][2023-07-07 17:43:21,285] runVerifications() :: Verification run: 9 FULL ALL
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
Idx: 0 result: ScanResult.NOT_DETECTED
[INFO ][2023-07-07 17:43:21,285] saveToFile() :: Saving results to: app/upload/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-07-07 17:43:21,286] augmentFile() :: Perform augmentation of matches
[INFO ][2023-07-07 17:43:21,607] getDotNetSections() :: Offset: 7680
[INFO ][2023-07-07 17:43:23,495] saveToFile() :: Saving results to: app/upload/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-07-07 17:43:23,495] outflankFile() :: Attempt to outflank the file
[INFO ][2023-07-07 17:43:23,495] outflankDotnet() :: Outflank failed with attempted 0 patches
[INFO ][2023-07-07 17:43:23,495] saveToFile() :: Saving results to: app/upload/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-07-07 17:43:23,496] save() :: Saving HashCache (29083)
[INFO ][2023-09-01 05:26:54,162] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-01 05:26:54,162] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-01 05:26:54,164] handleFile() :: Using parser for file type DOTNET
[INFO ][2023-09-01 05:26:54,464] getDotNetSections() :: Offset: 7680
[WARNING ][2023-09-01 05:26:54,465] handleFile() :: Using scanner as defined in outcome: avg
[INFO ][2023-09-01 05:26:54,466] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-01 05:26:54,466] load() :: Loading HashCache
[INFO ][2023-09-01 05:26:54,597] load() :: 85943 hashes loaded
[INFO ][2023-09-01 05:26:54,597] save() :: Saving HashCache (85943)
[INFO ][2023-09-01 05:26:54,680] save() :: Saving HashCache (85943)
[INFO ][2023-09-24 19:22:14,297] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-24 19:22:14,297] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-24 19:22:14,307] handleFile() :: Using parser for file type DOTNET
[INFO ][2023-09-24 19:22:14,307] parseFile() :: FilePe: Parse File
[INFO ][2023-09-24 19:22:14,327] parsePeSections() :: FilePe: Parse PE Sections
[INFO ][2023-09-24 19:22:14,327] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:22:14,327] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:22:14,327] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-24 19:22:14,327] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:22:14,327] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-24 19:22:14,327] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:22:14,328] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:22:14,328] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-24 19:22:14,328] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:22:14,328] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:22:14,328] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:22:14,328] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO ][2023-09-24 19:22:14,328] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO ][2023-09-24 19:22:14,603] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-24 19:22:14,905] handleFile() :: Using scanner as defined in outcome: avg
[INFO ][2023-09-24 19:22:14,906] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-24 19:22:14,907] load() :: Loading HashCache
[INFO ][2023-09-24 19:22:15,066] load() :: 101712 hashes loaded
[INFO ][2023-09-24 19:22:15,067] save() :: Saving HashCache (101712)
[INFO ][2023-09-24 19:22:15,161] augmentFile() :: Perform augmentation of matches
[INFO ][2023-09-24 19:22:19,098] init() :: DotnetData entries: 12128
[INFO ][2023-09-24 19:22:19,112] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-24 19:22:19,113] save() :: Saving HashCache (101712)
[INFO ][2023-09-25 18:15:32,821] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-25 18:15:32,821] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-25 18:15:32,822] handleFile() :: Using parser for file type DOTNET
[INFO ][2023-09-25 18:15:32,822] parseFile() :: FilePe: Parse File
[INFO ][2023-09-25 18:15:32,841] parsePeSections() :: FilePe: Parse PE Sections
[INFO ][2023-09-25 18:15:32,841] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:15:32,841] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:15:32,841] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:15:32,841] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:15:32,841] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:15:32,841] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:15:32,841] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:15:32,841] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:15:32,841] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:15:32,841] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:15:32,841] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:15:32,841] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO ][2023-09-25 18:15:32,841] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO ][2023-09-25 18:15:33,079] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:15:33,377] handleFile() :: Using scanner as defined in outcome: avg
[INFO ][2023-09-25 18:15:33,378] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-25 18:15:33,378] load() :: Loading HashCache
[INFO ][2023-09-25 18:15:33,537] load() :: 101712 hashes loaded
[INFO ][2023-09-25 18:15:33,537] save() :: Saving HashCache (101712)
[INFO ][2023-09-25 18:15:33,630] augmentFile() :: Perform augmentation of matches
[INFO ][2023-09-25 18:15:37,712] init() :: DotnetData entries: 12128
[INFO ][2023-09-25 18:15:37,727] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-25 18:15:37,728] save() :: Saving HashCache (101712)
[INFO ][2023-09-25 18:22:34,421] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-25 18:22:34,422] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-25 18:22:34,423] handleFile() :: Using parser for file type DOTNET
[INFO ][2023-09-25 18:22:34,423] parseFile() :: FilePe: Parse File
[INFO ][2023-09-25 18:22:34,442] parsePeSections() :: FilePe: Parse PE Sections
[INFO ][2023-09-25 18:22:34,442] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:22:34,442] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:22:34,442] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:22:34,442] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:22:34,442] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:22:34,442] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:22:34,442] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:22:34,442] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:22:34,442] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:22:34,442] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:22:34,442] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:22:34,442] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO ][2023-09-25 18:22:34,442] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO ][2023-09-25 18:22:34,683] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:22:34,982] handleFile() :: Using scanner as defined in outcome: avg
[INFO ][2023-09-25 18:22:34,984] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-25 18:22:34,984] load() :: Loading HashCache
[INFO ][2023-09-25 18:22:35,141] load() :: 101712 hashes loaded
[INFO ][2023-09-25 18:22:35,141] save() :: Saving HashCache (101712)
[INFO ][2023-09-25 18:22:35,237] augmentFile() :: Perform augmentation of matches
[INFO ][2023-09-25 18:22:39,328] init() :: DotnetData entries: 12128
[INFO ][2023-09-25 18:22:39,342] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-25 18:22:39,343] save() :: Saving HashCache (101712)
[INFO ][2023-09-29 10:08:04,244] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-29 10:08:04,244] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-29 10:08:04,245] handleFile() :: Using parser for file type DOTNET
[INFO ][2023-09-29 10:08:04,245] parseFile() :: FilePe: Parse File
[INFO ][2023-09-29 10:08:04,265] parsePeSections() :: FilePe: Parse PE Sections
[INFO ][2023-09-29 10:08:04,265] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:08:04,265] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:08:04,265] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 10:08:04,265] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:08:04,265] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 10:08:04,265] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:08:04,265] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:08:04,265] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 10:08:04,265] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:08:04,265] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:08:04,265] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:08:04,265] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO ][2023-09-29 10:08:04,265] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 10:08:04,505] handleFile() :: Using scanner as defined in outcome: avg
[INFO ][2023-09-29 10:08:04,506] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-29 10:08:04,506] load() :: Loading HashCache
[INFO ][2023-09-29 10:08:04,672] load() :: 102070 hashes loaded
[INFO ][2023-09-29 10:08:04,672] save() :: Saving HashCache (102070)
[INFO ][2023-09-29 10:08:04,769] augmentFile() :: Perform augmentation of matches
[INFO ][2023-09-29 10:08:08,878] init() :: DotnetData entries: 12128
[INFO ][2023-09-29 10:08:08,893] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-29 10:08:08,894] save() :: Saving HashCache (102070)
[INFO ][2023-09-29 12:12:37,602] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-29 12:12:37,602] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-29 12:12:37,603] handleFile() :: Using parser for file type DOTNET
[INFO ][2023-09-29 12:12:37,604] parseFile() :: FilePe: Parse File
[INFO ][2023-09-29 12:12:37,622] parsePeSections() :: FilePe: Parse PE Sections
[INFO ][2023-09-29 12:12:37,623] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:12:37,623] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:12:37,623] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 12:12:37,623] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:12:37,623] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 12:12:37,623] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:12:37,623] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:12:37,623] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 12:12:37,623] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:12:37,623] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:12:37,623] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:12:37,623] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO ][2023-09-29 12:12:37,623] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 12:12:37,865] handleFile() :: Using scanner as defined in outcome: avg
[INFO ][2023-09-29 12:12:37,866] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-29 12:12:37,867] load() :: Loading HashCache
[INFO ][2023-09-29 12:12:38,034] load() :: 102070 hashes loaded
[INFO ][2023-09-29 12:12:38,034] save() :: Saving HashCache (102070)
[INFO ][2023-09-29 12:12:38,133] augmentFile() :: Perform augmentation of matches
[INFO ][2023-09-29 12:12:42,242] init() :: DotnetData entries: 12128
[INFO ][2023-09-29 12:12:42,257] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-29 12:12:42,258] save() :: Saving HashCache (102070)
[INFO ][2023-09-30 10:33:32,438] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-30 10:33:32,438] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe
[INFO ][2023-09-30 10:33:32,439] handleFile() :: Using parser for file type DOTNET
[INFO ][2023-09-30 10:33:32,439] parseFile() :: FilePe: Parse File
[INFO ][2023-09-30 10:33:32,458] parsePeSections() :: FilePe: Parse PE Sections
[INFO ][2023-09-30 10:33:32,459] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:33:32,459] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:33:32,459] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-30 10:33:32,459] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:33:32,459] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-30 10:33:32,459] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:33:32,459] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:33:32,459] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-30 10:33:32,459] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:33:32,459] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:33:32,459] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:33:32,459] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO ][2023-09-30 10:33:32,459] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-30 10:33:32,698] handleFile() :: Using scanner as defined in outcome: avg
[INFO ][2023-09-30 10:33:32,699] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-30 10:33:32,700] load() :: Loading HashCache
[INFO ][2023-09-30 10:33:32,866] load() :: 102072 hashes loaded
[INFO ][2023-09-30 10:33:32,866] save() :: Saving HashCache (102072)
[INFO ][2023-09-30 10:33:32,965] augmentFile() :: Perform augmentation of matches
[INFO ][2023-09-30 10:33:37,058] init() :: DotnetData entries: 12128
[INFO ][2023-09-30 10:33:37,073] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avg.exe.outcome
[INFO ][2023-09-30 10:33:37,074] save() :: Saving HashCache (102072)