| Name: | FA720EE223F9850C.SharpHound.exe.avg.exe |
| Size: | 906,752 bytes |
| Type: | EXE PE.NET |
| MD5: | 76a2363d509cc7174c4abee9a7d7ae68 |
| Scanner Name: | avg |
| Appraisal: | Fragile (AND) based |
| Scan Debug: | Duration: 51s / Chunks: 103 / Matches: 20 |
| Scan date: | 2023-07-21 23:51:44 |
| # | Iteration | Offset | Size | Section | Detail | SectionType | Conclusion |
|---|---|---|---|---|---|---|---|
| 0 | 0 | 831402 | 9 | .text #~ | DATA | Dominant. Modify this to make file undetected | |
| 1 | 0 | 831420 | 9 | .text #~ | DATA | Dominant. Modify this to make file undetected | |
| 2 | 0 | 831432 | 6 | .text #~ | DATA | Dominant. Modify this to make file undetected | |
| 5 | 0 | 831749 | 6 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
| 6 | 1 | 863857 | 5 | .text #Strings | DATA | Dominant. Modify this to make file undetected |
| Dominant. Modify this to make file undetected |
000CAFAA 00 0A 57 1F A2 0B 09 0F 00 ..W......
| Dominant. Modify this to make file undetected |
000CAFBC 01 00 00 00 D1 00 00 00 46 ........F
| Dominant. Modify this to make file undetected |
000CAFC8 95 01 00 00 DC 01 ......
| Dominant. Modify this to make file undetected |
000CB105 47 52 29 06 00 08 GR)...
| Dominant. Modify this to make file undetected |
000D2E71 6C 65 00 49 44 le.ID
| Test # | MatchOrder | ModifyPosition |
Match#0 #~ 9b |
Match#1 #~ 9b |
Match#2 #~ 6b |
Match#3 #~ 6b |
Match#4 #~ 6b |
Match#5 #~ 6b |
Match#6 #Strings 5b |
Match#7 #Strings 23b |
Match#8 #Strings 14b |
Match#9 #Strings 18b |
Match#10 #Strings 19b |
| 0 | ISOLATED | MIDDLE8 | |||||||||||
| 1 | ISOLATED | THIRDS4 | |||||||||||
| 2 | ISOLATED | FULL | |||||||||||
| 3 | ISOLATED | FULLB | |||||||||||
| 4 | INCREMENTAL | MIDDLE8 | 7 | 9 | 10 | ||||||||
| 5 | INCREMENTAL | FULL | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 6 | DECREMENTAL | FULL | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
| 7 | ALL | MIDDLE8 | 0 | 0 | 0 | ||||||||
| 8 | ALL | THIRDS4 | 0 | 0 | 0 | ||||||||
| 9 | ALL | FULL | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Result | |||||||||||||
[INFO ][2023-07-21 23:51:34,136] main() :: Using file: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-07-21 23:51:34,136] handleFile() :: Handle file: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-07-21 23:51:34,138] handleFile() :: Using parser for file type DOTNET [INFO ][2023-07-21 23:51:34,279] getDotNetSections() :: Offset: 7680 [INFO ][2023-07-21 23:51:34,280] handleFile() :: Using scanner from command line: avg [INFO ][2023-07-21 23:51:34,282] load() :: Loading HashCache [INFO ][2023-07-21 23:51:34,367] load() :: 67562 hashes loaded [INFO ][2023-07-21 23:51:44,298] handleFile() :: QuickCheck: FA720EE223F9850C.SharpHound.exe.avg.exe is detected by avg and not hash based [INFO ][2023-07-21 23:51:44,298] handleFile() :: Scanning for matches... [INFO ][2023-07-21 23:51:44,298] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact) [INFO ][2023-07-21 23:51:44,353] findDetectedSections() :: Hide: .text -> Detected: False [INFO ][2023-07-21 23:51:44,355] findDetectedSections() :: Hide: .rsrc -> Detected: True [INFO ][2023-07-21 23:51:44,357] findDetectedSections() :: Hide: .reloc -> Detected: True [INFO ][2023-07-21 23:51:47,061] findDetectedSections() :: Hide: Header -> Detected: False [INFO ][2023-07-21 23:51:49,921] findDetectedSections() :: Hide: DotNet Header -> Detected: False [INFO ][2023-07-21 23:51:52,694] findDetectedSections() :: Hide: Metadata Header -> Detected: False [INFO ][2023-07-21 23:51:52,696] findDetectedSections() :: Hide: methods -> Detected: True [INFO ][2023-07-21 23:51:55,655] findDetectedSections() :: Hide: #~ Stream Header -> Detected: False [INFO ][2023-07-21 23:51:58,353] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: False [INFO ][2023-07-21 23:52:01,926] findDetectedSections() :: Hide: #US Stream Header -> Detected: True [INFO ][2023-07-21 23:52:05,437] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True [INFO ][2023-07-21 23:52:08,860] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True [INFO ][2023-07-21 23:52:08,862] findDetectedSections() :: Hide: #~ -> Detected: False [INFO ][2023-07-21 23:52:08,864] findDetectedSections() :: Hide: #Strings -> Detected: False [INFO ][2023-07-21 23:52:08,866] findDetectedSections() :: Hide: #US -> Detected: True [INFO ][2023-07-21 23:52:08,867] findDetectedSections() :: Hide: #GUID -> Detected: True [INFO ][2023-07-21 23:52:08,869] findDetectedSections() :: Hide: #Blob -> Detected: True [INFO ][2023-07-21 23:52:08,869] scanForMatchesInPe() :: 2 section(s) trigger the antivirus independantly [INFO ][2023-07-21 23:52:08,869] scanForMatchesInPe() :: section: #~ [INFO ][2023-07-21 23:52:08,869] scanForMatchesInPe() :: section: #Strings [INFO ][2023-07-21 23:52:19,331] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (831396-856416) [INFO ][2023-07-21 23:52:19,331] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:2 MinMatchSize:4 [INFO ][2023-07-21 23:52:19,331] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added) [INFO ][2023-07-21 23:52:19,367] _scanDataPart() :: Result: 831402-831408 (6 bytes) 000CAFAA 00 0A 57 1F A2 0B ..W... [INFO ][2023-07-21 23:52:19,372] _scanDataPart() :: Result: 831408-831411 (3b minChunk:2 X) 000CAFB0 09 0F 00 ... [INFO ][2023-07-21 23:52:24,824] _scanDataPart() :: Result: 831420-831426 (6 bytes) 000CAFBC 01 00 00 00 D1 00 ...... [INFO ][2023-07-21 23:52:24,824] _printStatus() :: Reducing: 20 chunks done, found 2 matches (3 added) [INFO ][2023-07-21 23:52:24,827] _scanDataPart() :: Result: 831426-831429 (3b minChunk:2 X) 000CAFC2 00 00 46 ..F [INFO ][2023-07-21 23:52:24,832] _scanDataPart() :: Result: 831432-831438 (6 bytes) 000CAFC8 95 01 00 00 DC 01 ...... [INFO ][2023-07-21 23:52:24,846] _scanDataPart() :: Result: 831694-831700 (6 bytes) 000CB0CE 6E 04 52 29 06 00 n.R).. [INFO ][2023-07-21 23:52:24,853] _scanDataPart() :: Result: 831718-831724 (6 bytes) 000CB0E6 23 33 55 3B 06 00 #3U;.. [INFO ][2023-07-21 23:52:24,863] _scanDataPart() :: Result: 831749-831752 (3b minChunk:2 X) 000CB105 47 52 29 GR) [INFO ][2023-07-21 23:52:24,863] _scanDataPart() :: Result: 831752-831755 (3b minChunk:2 X) 000CB108 06 00 08 ... [INFO ][2023-07-21 23:52:24,864] scan() :: Reducer Result: Time:6 Chunks:38 MatchesAdded:9 MatchesFinal:6 [INFO ][2023-07-21 23:52:35,336] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (856416-875304) [INFO ][2023-07-21 23:52:35,336] scan() :: Reducer Start: ScanSpeed:Normal Iteration:1 MinChunkSize:2 MinMatchSize:4 [INFO ][2023-07-21 23:52:35,336] _printStatus() :: Reducing: 39 chunks done, found 0 matches (9 added) [INFO ][2023-07-21 23:52:35,369] _scanDataPart() :: Result: 863857-863862 (5b minChunk:2 X) 000D2E71 6C 65 00 49 44 le.ID [INFO ][2023-07-21 23:52:35,401] _scanDataPart() :: Result: 868556-868561 (5b minChunk:2 X) 000D40CC 72 00 52 65 73 r.Res [INFO ][2023-07-21 23:52:35,403] _scanDataPart() :: Result: 868561-868570 (9 bytes) 000D40D1 6F 6C 76 65 45 76 65 6E 74 olveEvent [INFO ][2023-07-21 23:52:35,408] _scanDataPart() :: Result: 868570-868579 (9 bytes) 000D40DA 48 61 6E 64 6C 65 72 00 67 Handler.g [INFO ][2023-07-21 23:52:35,428] _scanDataPart() :: Result: 869506-869511 (5b minChunk:2 X) 000D4482 00 49 45 6E 75 .IEnu [INFO ][2023-07-21 23:52:35,435] _scanDataPart() :: Result: 869511-869520 (9 bytes) 000D4487 6D 65 72 61 74 6F 72 00 53 merator.S [INFO ][2023-07-21 23:52:35,464] _scanDataPart() :: Result: 870987-870996 (9 bytes) 000D4A4B 73 00 52 65 73 6F 6C 76 65 s.Resolve [INFO ][2023-07-21 23:52:35,467] _scanDataPart() :: Result: 870996-871005 (9 bytes) 000D4A54 45 76 65 6E 74 41 72 67 73 EventArgs [INFO ][2023-07-21 23:52:35,484] _scanDataPart() :: Result: 871604-871609 (5b minChunk:2 X) 000D4CB4 00 53 79 73 74 .Syst [INFO ][2023-07-21 23:52:35,485] _scanDataPart() :: Result: 871609-871614 (5b minChunk:2 X) 000D4CB9 65 6D 2E 43 6F em.Co [INFO ][2023-07-21 23:52:35,487] _scanDataPart() :: Doubling: minChunkSize: 2 minMatchSize: 4 [INFO ][2023-07-21 23:52:35,495] _scanDataPart() :: Result: 871614-871623 (9b minChunk:4 X) 000D4CBE 6C 6C 65 63 74 69 6F 6E 73 llections [INFO ][2023-07-21 23:52:35,496] scan() :: Reducer Result: Time:0 Chunks:103 MatchesAdded:20 MatchesFinal:5 [INFO ][2023-07-21 23:52:35,496] handleFile() :: Result: 11 matches [INFO ][2023-07-21 23:52:35,496] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-07-21 23:52:35,497] save() :: Saving HashCache (67582) [INFO ][2023-07-21 23:52:35,568] verifyFile() :: Perform verification of matches [INFO ][2023-07-21 23:52:35,568] runVerifications() :: Verify 11 matches [INFO ][2023-07-21 23:52:35,572] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-21 23:52:35,577] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-21 23:52:41,373] runVerifications() :: Verification run: 2 FULL ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-21 23:52:46,814] runVerifications() :: Verification run: 3 FULLB ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-21 23:52:52,735] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 7 result: ScanResult.DETECTED result: ScanResult.NOT_SCANNED Idx: 9 result: ScanResult.DETECTED Idx: 10 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 23:53:19,226] runVerifications() :: Verification run: 5 FULL INCREMENTAL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 10 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 23:53:25,010] runVerifications() :: Verification run: 6 FULL DECREMENTAL Idx: 10 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.DETECTED [INFO ][2023-07-21 23:53:25,012] runVerifications() :: Verification run: 7 MIDDLE8 ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED Idx: 0 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED [INFO ][2023-07-21 23:53:27,695] runVerifications() :: Verification run: 8 THIRDS4 ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED Idx: 0 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED [INFO ][2023-07-21 23:53:27,696] runVerifications() :: Verification run: 9 FULL ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 23:53:27,697] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-07-21 23:53:27,697] augmentFile() :: Perform augmentation of matches [INFO ][2023-07-21 23:53:27,807] getDotNetSections() :: Offset: 7680 [INFO ][2023-07-21 23:53:28,245] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-07-21 23:53:28,246] outflankFile() :: Attempt to outflank the file [INFO ][2023-07-21 23:53:28,246] outflankDotnet() :: Outflank failed with attempted 0 patches [INFO ][2023-07-21 23:53:28,246] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-07-21 23:53:28,246] save() :: Saving HashCache (67601) [INFO ][2023-08-04 18:32:29,713] main() :: Using file: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-08-04 18:32:29,714] handleFile() :: Handle file: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-08-04 18:32:29,715] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-04 18:32:29,862] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-04 18:32:29,863] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-08-04 18:32:29,863] load() :: Loading HashCache [INFO ][2023-08-04 18:32:29,976] load() :: 77569 hashes loaded [INFO ][2023-08-04 18:32:29,976] save() :: Saving HashCache (77569) [INFO ][2023-08-04 18:32:30,054] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-04 18:32:30,145] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-04 18:32:31,224] init() :: DotnetData entries: 3566 [INFO ][2023-08-04 18:32:31,229] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-08-04 18:32:31,229] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:59:12,649] main() :: Using file: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-08-06 16:59:12,649] handleFile() :: Handle file: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-08-06 16:59:12,650] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-06 16:59:12,797] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-06 16:59:12,797] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-08-06 16:59:12,797] load() :: Loading HashCache [INFO ][2023-08-06 16:59:12,909] load() :: 77569 hashes loaded [INFO ][2023-08-06 16:59:12,910] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:59:12,989] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 16:59:13,082] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-06 16:59:14,144] init() :: DotnetData entries: 3566 [INFO ][2023-08-06 16:59:14,149] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-08-06 16:59:14,149] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:33:23,335] main() :: Using file: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-08-06 17:33:23,335] handleFile() :: Handle file: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-08-06 17:33:23,337] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-06 17:33:23,484] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-06 17:33:23,485] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-08-06 17:33:23,485] load() :: Loading HashCache [INFO ][2023-08-06 17:33:23,599] load() :: 77569 hashes loaded [INFO ][2023-08-06 17:33:23,599] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:33:23,677] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 17:33:23,771] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-06 17:33:24,856] init() :: DotnetData entries: 3566 [INFO ][2023-08-06 17:33:24,861] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-08-06 17:33:24,861] save() :: Saving HashCache (77569) [INFO ][2023-09-01 05:27:03,914] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-01 05:27:03,914] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-01 05:27:03,917] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-01 05:27:04,061] getDotNetSections() :: Offset: 7680 [WARNING ][2023-09-01 05:27:04,062] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-01 05:27:04,064] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-01 05:27:04,064] load() :: Loading HashCache [INFO ][2023-09-01 05:27:04,179] load() :: 85943 hashes loaded [INFO ][2023-09-01 05:27:04,180] save() :: Saving HashCache (85943) [INFO ][2023-09-01 05:27:04,263] save() :: Saving HashCache (85943) [INFO ][2023-09-24 19:22:47,257] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-24 19:22:47,257] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-24 19:22:47,267] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-24 19:22:47,268] parseFile() :: FilePe: Parse File [INFO ][2023-09-24 19:22:47,309] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-24 19:22:47,309] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-24 19:22:47,309] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-24 19:22:47,309] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-24 19:22:47,310] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-24 19:22:47,310] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-24 19:22:47,310] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-24 19:22:47,310] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-24 19:22:47,310] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-24 19:22:47,310] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-24 19:22:47,310] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-24 19:22:47,310] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-24 19:22:47,310] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-24 19:22:47,411] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-24 19:22:47,527] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-24 19:22:47,530] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-24 19:22:47,530] load() :: Loading HashCache [INFO ][2023-09-24 19:22:47,663] load() :: 101712 hashes loaded [INFO ][2023-09-24 19:22:47,664] save() :: Saving HashCache (101712) [INFO ][2023-09-24 19:22:47,758] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-24 19:22:48,802] init() :: DotnetData entries: 3566 [INFO ][2023-09-24 19:22:48,806] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-24 19:22:48,807] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:16:05,211] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-25 18:16:05,211] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-25 18:16:05,213] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-25 18:16:05,213] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:16:05,249] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:16:05,249] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:16:05,249] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:16:05,249] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-25 18:16:05,249] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:16:05,249] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:16:05,249] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:16:05,249] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-25 18:16:05,249] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:16:05,249] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:16:05,249] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:16:05,249] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-25 18:16:05,249] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-25 18:16:05,352] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-25 18:16:05,465] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-25 18:16:05,467] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-25 18:16:05,467] load() :: Loading HashCache [INFO ][2023-09-25 18:16:05,601] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:16:05,601] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:16:05,696] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:16:06,780] init() :: DotnetData entries: 3566 [INFO ][2023-09-25 18:16:06,784] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-25 18:16:06,784] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:23:06,679] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-25 18:23:06,679] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-25 18:23:06,680] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-25 18:23:06,681] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:23:06,716] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:23:06,716] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:23:06,716] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:23:06,716] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-25 18:23:06,716] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:23:06,716] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:23:06,716] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:23:06,716] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-25 18:23:06,716] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:23:06,716] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:23:06,716] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:23:06,716] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-25 18:23:06,716] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-25 18:23:06,820] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-25 18:23:06,931] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-25 18:23:06,933] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-25 18:23:06,934] load() :: Loading HashCache [INFO ][2023-09-25 18:23:07,067] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:23:07,067] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:23:07,166] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:23:08,248] init() :: DotnetData entries: 3566 [INFO ][2023-09-25 18:23:08,252] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-25 18:23:08,252] save() :: Saving HashCache (101712) [INFO ][2023-09-29 10:08:35,785] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-29 10:08:35,785] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-29 10:08:35,786] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-29 10:08:35,787] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 10:08:35,822] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 10:08:35,822] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 10:08:35,822] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 10:08:35,822] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-29 10:08:35,822] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 10:08:35,822] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 10:08:35,822] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 10:08:35,822] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-29 10:08:35,822] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 10:08:35,822] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 10:08:35,822] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 10:08:35,822] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-29 10:08:35,822] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-29 10:08:35,927] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-29 10:08:35,930] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-29 10:08:35,930] load() :: Loading HashCache [INFO ][2023-09-29 10:08:36,058] load() :: 102070 hashes loaded [INFO ][2023-09-29 10:08:36,058] save() :: Saving HashCache (102070) [INFO ][2023-09-29 10:08:36,153] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 10:08:37,229] init() :: DotnetData entries: 3566 [INFO ][2023-09-29 10:08:37,233] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-29 10:08:37,233] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:13:09,241] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-29 12:13:09,241] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-29 12:13:09,242] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-29 12:13:09,243] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 12:13:09,278] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 12:13:09,278] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 12:13:09,278] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 12:13:09,278] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-29 12:13:09,278] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 12:13:09,278] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 12:13:09,278] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 12:13:09,278] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-29 12:13:09,278] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 12:13:09,278] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 12:13:09,278] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 12:13:09,278] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-29 12:13:09,278] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-29 12:13:09,382] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-29 12:13:09,385] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-29 12:13:09,385] load() :: Loading HashCache [INFO ][2023-09-29 12:13:09,513] load() :: 102070 hashes loaded [INFO ][2023-09-29 12:13:09,513] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:13:09,611] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 12:13:10,685] init() :: DotnetData entries: 3566 [INFO ][2023-09-29 12:13:10,689] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-29 12:13:10,690] save() :: Saving HashCache (102070) [INFO ][2023-09-30 10:34:03,985] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-30 10:34:03,985] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe [INFO ][2023-09-30 10:34:03,987] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-30 10:34:03,987] parseFile() :: FilePe: Parse File [INFO ][2023-09-30 10:34:04,022] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-30 10:34:04,022] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-30 10:34:04,022] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-30 10:34:04,022] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-30 10:34:04,022] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-30 10:34:04,022] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-30 10:34:04,022] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-30 10:34:04,022] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-30 10:34:04,022] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-30 10:34:04,022] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-30 10:34:04,023] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-30 10:34:04,023] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-30 10:34:04,023] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-30 10:34:04,127] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-30 10:34:04,129] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-30 10:34:04,129] load() :: Loading HashCache [INFO ][2023-09-30 10:34:04,258] load() :: 102072 hashes loaded [INFO ][2023-09-30 10:34:04,258] save() :: Saving HashCache (102072) [INFO ][2023-09-30 10:34:04,357] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-30 10:34:05,434] init() :: DotnetData entries: 3566 [INFO ][2023-09-30 10:34:05,438] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avg.exe.outcome [INFO ][2023-09-30 10:34:05,438] save() :: Saving HashCache (102072)