Avred

File FA720EE223F9850C.SharpHound.exe.avira.exe

Name:	FA720EE223F9850C.SharpHound.exe.avira.exe
Size:	906,752 bytes
Type:	EXE PE.NET
MD5:	76a2363d509cc7174c4abee9a7d7ae68

Scanner Name:	avira
Appraisal:	Fragile (AND) based
Scan Debug:	Duration: 134s / Chunks: 222 / Matches: 44
Scan date:	2023-07-22 00:43:49

Matches

#	Iteration	Offset	Size	Section	Detail	SectionType	Conclusion
6	1	831402	9	.text #~		DATA	Dominant. Modify this to make file undetected
7	1	831420	9	.text #~		DATA	Dominant. Modify this to make file undetected
8	1	831432	18	.text #~		DATA	Dominant. Modify this to make file undetected
9	1	832323	6	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
10	1	832586	6	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
11	1	832646	6	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
14	2	858499	19	.text #Strings		DATA	Dominant. Modify this to make file undetected
15	2	859108	9	.text #Strings		DATA	Dominant. Modify this to make file undetected
16	2	865679	5	.text #Strings		DATA	Dominant. Modify this to make file undetected
17	2	866274	13	.text #Strings		DATA	Dominant. Modify this to make file undetected
18	2	866993	10	.text #Strings		DATA	Dominant. Modify this to make file undetected
19	2	867569	19	.text #Strings		DATA	Dominant. Modify this to make file undetected
22	2	868312	19	.text #Strings		DATA	Dominant. Modify this to make file undetected
23	2	874813	10	.text #Strings		DATA	Dominant. Modify this to make file undetected

Match 6: 831402 (size: 9)

Dominant. Modify this to make file undetected

.text #~

000CAFAA   00 0A 57 1F A2 0B 09 0F 00                         ..W......

Match 7: 831420 (size: 9)

Dominant. Modify this to make file undetected

.text #~

000CAFBC   01 00 00 00 D1 00 00 00 46                         ........F

Match 8: 831432 (size: 18)

Dominant. Modify this to make file undetected

.text #~

000CAFC8   95 01 00 00 DC 01 00 00 36 01 00 00 29 00 00 00    ........6...)...
000CAFD8   CF 02                                              ..

Match 9: 832323 (size: 6)

Dominant. Modify this to make file undetected

.text #~ TypeRef

000CB343   00 30 24 52 29 2E                                  .0$R).

0xcb342: TypeRef[135]: ResolutionScope: ref table AssemblyRef[1] TypeName: Byte TypeNamespace: System

0xcb348: TypeRef[136]: ResolutionScope: ref table AssemblyRef[11] TypeName: StreamUtils TypeNamespace: ICSharpCode.SharpZipLib.Core

Match 10: 832586 (size: 6)

Dominant. Modify this to make file undetected

.text #~ TypeRef

000CB44A   06 00 7D 2E 2B 08                                  ..}.+.

0xcb44a: TypeRef[179]: ResolutionScope: ref table AssemblyRef[1] TypeName: TextReader TypeNamespace: System.IO

Match 11: 832646 (size: 6)

Dominant. Modify this to make file undetected

.text #~ TypeRef

000CB486   06 00 DE 47 92 2B                                  ...G.+

0xcb486: TypeRef[189]: ResolutionScope: ref table AssemblyRef[1] TypeName: Assembly TypeNamespace: System.Reflection

Match 14: 858499 (size: 19)

Dominant. Modify this to make file undetected

.text #Strings

000D1983   65 65 64 73 53 50 4E 00 53 79 73 74 65 6D 2E 49    eedsSPN.System.I
000D1993   4F 00 47                                           O.G

Match 15: 859108 (size: 9)

Dominant. Modify this to make file undetected

.text #Strings

000D1BE4   00 4C 6F 61 64 00 54 72 79                         .Load.Try

Match 16: 865679 (size: 5)

Dominant. Modify this to make file undetected

.text #Strings

000D358F   00 42 79 74 65                                     .Byte

Match 17: 866274 (size: 13)

Dominant. Modify this to make file undetected

.text #Strings

000D37E2   47 65 74 43 61 63 68 65 50 61 74 68 00             GetCachePath.

Match 18: 866993 (size: 10)

Dominant. Modify this to make file undetected

.text #Strings

000D3AB1   00 53 79 73 74 65 6D 00 52 61                      .System.Ra

Match 19: 867569 (size: 19)

Dominant. Modify this to make file undetected

.text #Strings

000D3CF1   00 53 79 73 74 65 6D 2E 52 65 66 6C 65 63 74 69    .System.Reflecti
000D3D01   6F 6E 00                                           on.

Match 22: 868312 (size: 19)

Dominant. Modify this to make file undetected

.text #Strings

000D3FD8   61 64 65 72 00 54 65 78 74 52 65 61 64 65 72 00    ader.TextReader.
000D3FE8   41 73 73                                           Ass

Match 23: 874813 (size: 10)

Dominant. Modify this to make file undetected

.text #Strings

000D593D   67 41 73 73 65 6D 62 6C 79 00                      gAssembly.

Test #	MatchOrder	ModifyPosition	Match#0 methods 50b	Match#1 methods 51b	Match#2 methods 51b	Match#3 methods 102b	Match#4 methods 51b	Match#5 methods 254b	Match#6 #~ 9b	Match#7 #~ 9b	Match#8 #~ 18b	Match#9 #~ 6b	Match#10 #~ 6b	Match#11 #~ 6b	Match#12 #~ 6b	Match#13 #~ 7b	Match#14 #Strings 19b	Match#15 #Strings 9b	Match#16 #Strings 5b	Match#17 #Strings 13b	Match#18 #Strings 10b	Match#19 #Strings 19b	Match#20 #Strings 14b	Match#21 #Strings 9b	Match#22 #Strings 19b	Match#23 #Strings 10b
0	ISOLATED	MIDDLE8
1	ISOLATED	THIRDS4
2	ISOLATED	FULL
3	ISOLATED	FULLB
4	INCREMENTAL	MIDDLE8	0	1	2	3	4	5			8						14					19			22
5	INCREMENTAL	FULL	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23
6	DECREMENTAL	FULL	23	22	21	20	19	18	17	16	15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
7	ALL	MIDDLE8		0			0					0						0			0	0	0	0	0	0
8	ALL	THIRDS4		0			0					0						0			0	0	0	0	0	0
9	ALL	FULL	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Result			d	d	d	d	d	d	d	d	d	d	d	d	d	d

Explanation

Colors

Green: Not detected
Red: Detected by AV

Match Order

Isolated: Test each match individually, by themselves. At most one match is modified per scan
Incremental: Modify each match after another, additive. At the end, all matches are modified
Decremental: Modify each match after another, additive, downwards (last first)

Position

ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa

[INFO    ][2023-07-22 00:43:41,577] main() :: Using file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-07-22 00:43:41,577] handleFile() :: Handle file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-07-22 00:43:41,578] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-07-22 00:43:41,724] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-22 00:43:41,725] handleFile() :: Using scanner from command line: avira
[INFO    ][2023-07-22 00:43:41,727] load() :: Loading HashCache
[INFO    ][2023-07-22 00:43:41,820] load() ::   74480 hashes loaded
[INFO    ][2023-07-22 00:43:49,997] handleFile() :: QuickCheck: FA720EE223F9850C.SharpHound.exe.avira.exe is detected by avira and not hash based
[INFO    ][2023-07-22 00:43:49,998] handleFile() :: Scanning for matches...
[INFO    ][2023-07-22 00:43:49,998] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-22 00:43:50,094] findDetectedSections() :: Hide: .text -> Detected: False
[INFO    ][2023-07-22 00:43:50,096] findDetectedSections() :: Hide: .rsrc -> Detected: True
[INFO    ][2023-07-22 00:43:50,097] findDetectedSections() :: Hide: .reloc -> Detected: True
[INFO    ][2023-07-22 00:43:52,887] findDetectedSections() :: Hide: Header -> Detected: False
[INFO    ][2023-07-22 00:43:55,820] findDetectedSections() :: Hide: DotNet Header -> Detected: False
[INFO    ][2023-07-22 00:43:58,671] findDetectedSections() :: Hide: Metadata Header -> Detected: False
[INFO    ][2023-07-22 00:43:58,673] findDetectedSections() :: Hide: methods -> Detected: False
[INFO    ][2023-07-22 00:44:01,679] findDetectedSections() :: Hide: #~ Stream Header -> Detected: False
[INFO    ][2023-07-22 00:44:04,413] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: False
[INFO    ][2023-07-22 00:44:07,378] findDetectedSections() :: Hide: #US Stream Header -> Detected: True
[INFO    ][2023-07-22 00:44:10,248] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True
[INFO    ][2023-07-22 00:44:13,024] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True
[INFO    ][2023-07-22 00:44:13,026] findDetectedSections() :: Hide: #~ -> Detected: False
[INFO    ][2023-07-22 00:44:13,027] findDetectedSections() :: Hide: #Strings -> Detected: False
[INFO    ][2023-07-22 00:44:13,029] findDetectedSections() :: Hide: #US -> Detected: True
[INFO    ][2023-07-22 00:44:13,030] findDetectedSections() :: Hide: #GUID -> Detected: True
[INFO    ][2023-07-22 00:44:13,032] findDetectedSections() :: Hide: #Blob -> Detected: True
[INFO    ][2023-07-22 00:44:13,032] scanForMatchesInPe() :: 3 section(s) trigger the antivirus independantly
[INFO    ][2023-07-22 00:44:13,032] scanForMatchesInPe() ::   section: methods
[INFO    ][2023-07-22 00:44:13,032] scanForMatchesInPe() ::   section: #~
[INFO    ][2023-07-22 00:44:13,032] scanForMatchesInPe() ::   section: #Strings
[INFO    ][2023-07-22 00:44:23,818] scanForMatchesInPe() :: Launching bytes analysis on section: methods (584-831288)
[INFO    ][2023-07-22 00:44:23,818] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:32 MinMatchSize:64
[INFO    ][2023-07-22 00:44:23,818] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-22 00:44:23,858] _scanDataPart() :: Result: 6058-6108 (50b minChunk:32 X)
000017AA   06 00 53 00 00 00 00 00 00 00 04 6F 84 01 00 06    ..S........o....
000017BA   72 26 06 00 70 28 0E 00 00 2B 28 94 00 00 0A 04    r&..p(...+(.....
000017CA   03 25 2D 1D 26 28 A2 00 00 0A 6F A3 00 00 0A 17    .%-.&(....o.....
000017DA   8D 25                                              .%
[INFO    ][2023-07-22 00:44:23,860] _scanDataPart() :: Result: 6210-6261 (51b minChunk:32 X)
00001842   00 06 0A 03 6F 84 01 00 06 72 E8 06 00 70 17 8D    ....o....r...p..
00001852   01 00 00 01 25 16 06 A2 28 94 00 00 0A 06 28 A4    ....%...(.....(.
00001862   00 00 0A 2D 19 03 6F 84 01 00 06 72 0E 07 00 70    ...-..o....r...p
00001872   28 0E 00                                           (..
[INFO    ][2023-07-22 00:44:23,870] _scanDataPart() :: Result: 6311-6362 (51b minChunk:32 X)
000018A7   03 6F 84 01 00 06 72 72 07 00 70 17 8D 01 00 00    .o....rr..p.....
000018B7   01 25 16 07 6F A7 00 00 0A A2 28 8C 00 00 0A DE    .%..o.....(.....
000018C7   1F 0C 03 6F 84 01 00 06 72 B4 07 00 70 17 8D 01    ...o....r...p...
000018D7   00 00 01                                           ...
[INFO    ][2023-07-22 00:44:23,877] _scanDataPart() :: Result: 6717-6768 (51b minChunk:32 X)
00001A3D   01 00 06 17 6F A6 01 00 06 03 17 8D 10 00 00 01    ....o...........
00001A4D   25 16 06 A2 6F 9B 01 00 06 03 6F 84 01 00 06 72    %...o.....o....r
00001A5D   66 0A 00 70 28 0E 00 00 2B 28 94 00 00 0A 03 2A    f..p(...+(.....*
00001A6D   00 00 00                                           ...
[INFO    ][2023-07-22 00:44:23,880] _scanDataPart() :: Result: 6768-6819 (51b minChunk:32 X)
00001A70   13 30 06 00 68 00 00 00 15 00 00 11 03 6F 84 01    .0..h........o..
00001A80   00 06 72 A8 0A 00 70 28 0E 00 00 2B 28 94 00 00    ..r...p(...+(...
00001A90   0A 03 6F 84 01 00 06 72 EA 0A 00 70 17 8D 01 00    ..o....r...p....
00001AA0   00 01 25                                           ..%
[INFO    ][2023-07-22 00:44:23,897] _scanDataPart() :: Result: 11179-11230 (51b minChunk:32 X)
00002BAB   00 A9 01 00 00 29 00 00 11 02 7B 8D 00 00 04 0A    .....)....{.....
00002BBB   02 7B 8F 00 00 04 0B 06 45 03 00 00 00 64 00 00    .{......E....d..
00002BCB   00 D9 00 00 00 37 01 00 00 07 7B 86 00 00 04 6F    .....7....{....o
00002BDB   62 01 00                                           b..
[INFO    ][2023-07-22 00:44:23,899] _scanDataPart() :: Result: 11280-11331 (51b minChunk:32 X)
00002C10   00 00 0A 2D 3F 02 16 25 0A 7D 8D 00 00 04 02 09    ...-?..%.}......
00002C20   7D 90 00 00 04 02 7C 8E 00 00 04 12 03 02 28 24    }.....|.......($
00002C30   00 00 2B DD 24 01 00 00 02 7B 90 00 00 04 0D 02    ..+.$....{......
00002C40   7C 90 00                                           |..
[INFO    ][2023-07-22 00:44:23,904] _scanDataPart() :: Result: 11331-11381 (50b minChunk:32 X)
00002C43   00 04 FE 15 18 00 00 01 02 15 25 0A 7D 8D 00 00    ..........%.}...
00002C53   04 12 03 28 18 00 00 0A 07 7B 85 00 00 04 6F 0C    ...(.....{....o.
00002C63   01 00 0A 12 05 FE 15 2D 00 00 01 11 05 6F 0F 01    .......-.....o..
00002C73   00 0A                                              ..
[INFO    ][2023-07-22 00:44:23,904] _scanDataPart() :: Result: 11381-11432 (51b minChunk:32 X)
00002C75   13 06 12 06 28 10 01 00 0A 13 04 12 04 28 11 01    ....(........(..
00002C85   00 0A 2D 41 02 17 25 0A 7D 8D 00 00 04 02 11 04    ..-A..%.}.......
00002C95   7D 91 00 00 04 02 7C 8E 00 00 04 12 04 02 28 25    }.....|.......(%
00002CA5   00 00 2B                                           ..+
[INFO    ][2023-07-22 00:44:23,907] _scanDataPart() :: Result: 11432-11483 (51b minChunk:32 X)
00002CA8   DD AF 00 00 00 02 7B 91 00 00 04 13 04 02 7C 91    ......{.......|.
00002CB8   00 00 04 FE 15 2C 00 00 1B 02 15 25 0A 7D 8D 00    .....,.....%.}..
00002CC8   00 04 12 04 28 12 01 00 0A 3A 15 FF FF FF 07 6F    ....(....:.....o
00002CD8   13 01 00                                           ...
[INFO    ][2023-07-22 00:44:23,907] _scanDataPart() :: Result: 11483-11534 (51b minChunk:32 X)
00002CDB   0A 6F 15 00 00 0A 0D 12 03 28 16 00 00 0A 2D 3C    .o.......(....-<
00002CEB   02 18 25 0A 7D 8D 00 00 04 02 09 7D 90 00 00 04    ..%.}......}....
00002CFB   02 7C 8E 00 00 04 12 03 02 28 24 00 00 2B DE 51    .|.......($..+.Q
00002D0B   02 7B 90                                           .{.
[INFO    ][2023-07-22 00:44:23,908] scan() :: Reducer Result: Time:0 Chunks:45 MatchesAdded:11 MatchesFinal:6
[INFO    ][2023-07-22 00:44:32,603] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (831396-856416)
[INFO    ][2023-07-22 00:44:32,603] scan() :: Reducer Start: ScanSpeed:Normal Iteration:1 MinChunkSize:2 MinMatchSize:4
[INFO    ][2023-07-22 00:44:32,603] _printStatus() :: Reducing: 46 chunks done, found 0 matches (11 added)
[INFO    ][2023-07-22 00:44:32,639] _scanDataPart() :: Result: 831402-831408 (6 bytes)
000CAFAA   00 0A 57 1F A2 0B                                  ..W...
[INFO    ][2023-07-22 00:44:32,644] _scanDataPart() :: Result: 831408-831411 (3b minChunk:2 X)
000CAFB0   09 0F 00                                           ...
[INFO    ][2023-07-22 00:44:38,134] _scanDataPart() :: Result: 831420-831426 (6 bytes)
000CAFBC   01 00 00 00 D1 00                                  ......
[INFO    ][2023-07-22 00:44:38,134] _printStatus() :: Reducing: 65 chunks done, found 2 matches (14 added)
[INFO    ][2023-07-22 00:44:38,137] _scanDataPart() :: Result: 831426-831429 (3b minChunk:2 X)
000CAFC2   00 00 46                                           ..F
[INFO    ][2023-07-22 00:44:43,704] _scanDataPart() :: Result: 831432-831438 (6 bytes)
000CAFC8   95 01 00 00 DC 01                                  ......
[INFO    ][2023-07-22 00:44:43,705] _printStatus() :: Reducing: 69 chunks done, found 3 matches (16 added)
[INFO    ][2023-07-22 00:44:49,192] _scanDataPart() :: Result: 831438-831444 (6 bytes)
000CAFCE   00 00 36 01 00 00                                  ..6...
[INFO    ][2023-07-22 00:44:49,192] _printStatus() :: Reducing: 70 chunks done, found 3 matches (17 added)
[INFO    ][2023-07-22 00:44:49,202] _scanDataPart() :: Result: 831444-831450 (6 bytes)
000CAFD4   29 00 00 00 CF 02                                  ).....
[INFO    ][2023-07-22 00:44:49,222] _scanDataPart() :: Result: 832323-832329 (6 bytes)
000CB343   00 30 24 52 29 2E                                  .0$R).
[INFO    ][2023-07-22 00:44:49,240] _scanDataPart() :: Result: 832586-832592 (6 bytes)
000CB44A   06 00 7D 2E 2B 08                                  ..}.+.
[INFO    ][2023-07-22 00:44:49,249] _scanDataPart() :: Result: 832646-832652 (6 bytes)
000CB486   06 00 DE 47 92 2B                                  ...G.+
[INFO    ][2023-07-22 00:44:49,269] _scanDataPart() :: Doubling: minChunkSize: 2  minMatchSize: 4
[INFO    ][2023-07-22 00:44:49,280] _scanDataPart() :: Result: 849042-849048 (6b minChunk:4 X)
000CF492   85 0A C0 2D E9 05                                  ...-..
[INFO    ][2023-07-22 00:44:49,285] _scanDataPart() :: Result: 849078-849085 (7b minChunk:4 X)
000CF4B6   65 38 FE 2D E9 05 85                               e8.-...
[INFO    ][2023-07-22 00:44:49,286] scan() :: Reducer Result: Time:17 Chunks:107 MatchesAdded:23 MatchesFinal:8
[INFO    ][2023-07-22 00:44:57,868] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (856416-875304)
[INFO    ][2023-07-22 00:44:57,869] scan() :: Reducer Start: ScanSpeed:Normal Iteration:2 MinChunkSize:2 MinMatchSize:4
[INFO    ][2023-07-22 00:44:57,869] _printStatus() :: Reducing: 108 chunks done, found 0 matches (23 added)
[INFO    ][2023-07-22 00:45:03,481] _printStatus() :: Reducing: 120 chunks done, found 0 matches (23 added)
[INFO    ][2023-07-22 00:45:03,481] _scanDataPart() :: Result: 858499-858503 (4b minChunk:2 X)
000D1983   65 65 64 73                                        eeds
[INFO    ][2023-07-22 00:45:03,481] _scanDataPart() :: Result: 858503-858508 (5b minChunk:2 X)
000D1987   53 50 4E 00 53                                     SPN.S
[INFO    ][2023-07-22 00:45:08,777] _printStatus() :: Reducing: 123 chunks done, found 1 matches (25 added)
[INFO    ][2023-07-22 00:45:08,777] _scanDataPart() :: Result: 858508-858513 (5b minChunk:2 X)
000D198C   79 73 74 65 6D                                     ystem
[INFO    ][2023-07-22 00:45:08,778] _scanDataPart() :: Result: 858513-858518 (5b minChunk:2 X)
000D1991   2E 49 4F 00 47                                     .IO.G
[INFO    ][2023-07-22 00:45:08,800] _scanDataPart() :: Result: 859108-859117 (9 bytes)
000D1BE4   00 4C 6F 61 64 00 54 72 79                         .Load.Try
[INFO    ][2023-07-22 00:45:08,828] _scanDataPart() :: Result: 865679-865684 (5b minChunk:2 X)
000D358F   00 42 79 74 65                                     .Byte
[INFO    ][2023-07-22 00:45:14,541] _printStatus() :: Reducing: 155 chunks done, found 3 matches (29 added)
[INFO    ][2023-07-22 00:45:20,171] _printStatus() :: Reducing: 156 chunks done, found 3 matches (29 added)
[INFO    ][2023-07-22 00:45:20,171] _scanDataPart() :: Result: 866274-866278 (4b minChunk:2 X)
000D37E2   47 65 74 43                                        GetC
[INFO    ][2023-07-22 00:45:20,172] _scanDataPart() :: Result: 866278-866283 (5b minChunk:2 X)
000D37E6   61 63 68 65 50                                     acheP
[INFO    ][2023-07-22 00:45:25,754] _printStatus() :: Reducing: 159 chunks done, found 4 matches (31 added)
[INFO    ][2023-07-22 00:45:31,326] _printStatus() :: Reducing: 160 chunks done, found 4 matches (31 added)
[INFO    ][2023-07-22 00:45:31,326] _scanDataPart() :: Result: 866283-866287 (4b minChunk:2 X)
000D37EB   61 74 68 00                                        ath.
[INFO    ][2023-07-22 00:45:31,344] _scanDataPart() :: Result: 866993-866998 (5b minChunk:2 X)
000D3AB1   00 53 79 73 74                                     .Syst
[INFO    ][2023-07-22 00:45:31,344] _scanDataPart() :: Result: 866998-867003 (5b minChunk:2 X)
000D3AB6   65 6D 00 52 61                                     em.Ra
[INFO    ][2023-07-22 00:45:36,892] _printStatus() :: Reducing: 177 chunks done, found 5 matches (34 added)
[INFO    ][2023-07-22 00:45:42,257] _printStatus() :: Reducing: 178 chunks done, found 5 matches (34 added)
[INFO    ][2023-07-22 00:45:42,257] _scanDataPart() :: Result: 867569-867574 (5b minChunk:2 X)
000D3CF1   00 53 79 73 74                                     .Syst
[INFO    ][2023-07-22 00:45:47,862] _printStatus() :: Reducing: 180 chunks done, found 6 matches (35 added)
[INFO    ][2023-07-22 00:45:53,261] _scanDataPart() :: Result: 867574-867583 (9 bytes)
000D3CF6   65 6D 2E 52 65 66 6C 65 63                         em.Reflec
[INFO    ][2023-07-22 00:45:53,262] _printStatus() :: Reducing: 181 chunks done, found 6 matches (36 added)
[INFO    ][2023-07-22 00:45:58,665] _printStatus() :: Reducing: 182 chunks done, found 6 matches (36 added)
[INFO    ][2023-07-22 00:45:58,665] _scanDataPart() :: Result: 867583-867588 (5b minChunk:2 X)
000D3CFF   74 69 6F 6E 00                                     tion.
[INFO    ][2023-07-22 00:45:58,682] _scanDataPart() :: Result: 867693-867698 (5b minChunk:2 X)
000D3D6D   6E 00 73 65 74                                     n.set
[INFO    ][2023-07-22 00:45:58,682] _scanDataPart() :: Result: 867698-867703 (5b minChunk:2 X)
000D3D72   5F 50 6F 73 69                                     _Posi
[INFO    ][2023-07-22 00:45:58,692] _scanDataPart() :: Result: 867703-867707 (4b minChunk:2 X)
000D3D77   74 69 6F 6E                                        tion
[INFO    ][2023-07-22 00:45:58,699] _scanDataPart() :: Doubling: minChunkSize: 2  minMatchSize: 4
[INFO    ][2023-07-22 00:45:58,704] _scanDataPart() :: Result: 868193-868202 (9b minChunk:4 X)
000D3F61   6C 65 61 72 00 43 68 61 72                         lear.Char
[INFO    ][2023-07-22 00:45:58,724] _scanDataPart() :: Result: 868312-868321 (9b minChunk:4 X)
000D3FD8   61 64 65 72 00 54 65 78 74                         ader.Text
[INFO    ][2023-07-22 00:46:03,976] _scanDataPart() :: Result: 868321-868331 (10 bytes)
000D3FE1   52 65 61 64 65 72 00 41 73 73                      Reader.Ass
[INFO    ][2023-07-22 00:46:03,977] _printStatus() :: Reducing: 213 chunks done, found 9 matches (43 added)
[INFO    ][2023-07-22 00:46:04,005] _scanDataPart() :: Result: 874813-874823 (10 bytes)
000D593D   67 41 73 73 65 6D 62 6C 79 00                      gAssembly.
[INFO    ][2023-07-22 00:46:04,006] scan() :: Reducer Result: Time:66 Chunks:222 MatchesAdded:44 MatchesFinal:10
[INFO    ][2023-07-22 00:46:04,006] handleFile() :: Result: 24 matches
[INFO    ][2023-07-22 00:46:04,006] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-07-22 00:46:06,817] save() :: Saving HashCache (74533)
[INFO    ][2023-07-22 00:46:06,901] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-22 00:46:06,901] runVerifications() :: Verify 24 matches
[INFO    ][2023-07-22 00:46:29,877] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-22 00:46:52,247] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-22 00:47:25,606] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-22 00:47:58,601] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-22 00:48:23,902] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  Idx: 0  result: ScanResult.DETECTED
  Idx: 1  result: ScanResult.DETECTED
  Idx: 2  result: ScanResult.DETECTED
  Idx: 3  result: ScanResult.DETECTED
  Idx: 4  result: ScanResult.DETECTED
  Idx: 5  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 8  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 14  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 19  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 22  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-22 00:49:27,440] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.DETECTED
  Idx: 1  result: ScanResult.DETECTED
  Idx: 2  result: ScanResult.DETECTED
  Idx: 3  result: ScanResult.DETECTED
  Idx: 4  result: ScanResult.DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-22 00:50:24,743] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-22 00:50:24,745] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-22 00:50:27,214] runVerifications() :: Verification run: 8 THIRDS4 ALL
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-22 00:50:27,216] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-22 00:50:27,216] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-07-22 00:50:27,217] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-22 00:50:27,327] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-22 00:50:27,756] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1
[INFO    ][2023-07-22 00:50:27,756] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1
[INFO    ][2023-07-22 00:50:27,757] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1
[INFO    ][2023-07-22 00:50:27,757] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2
[INFO    ][2023-07-22 00:50:27,757] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1
[INFO    ][2023-07-22 00:50:27,757] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1
[INFO    ][2023-07-22 00:50:27,760] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-07-22 00:50:27,761] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-22 00:50:27,762] outflankDotnet() :: Outflank failed with attempted 0 patches
[INFO    ][2023-07-22 00:50:27,762] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-07-22 00:50:27,763] save() :: Saving HashCache (74627)
[INFO    ][2023-08-04 18:32:31,572] main() :: Using file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-08-04 18:32:31,573] handleFile() :: Handle file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-08-04 18:32:31,574] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-04 18:32:31,719] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-04 18:32:31,720] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-04 18:32:31,720] load() :: Loading HashCache
[INFO    ][2023-08-04 18:32:31,832] load() ::   77569 hashes loaded
[INFO    ][2023-08-04 18:32:31,832] save() :: Saving HashCache (77569)
[INFO    ][2023-08-04 18:32:31,909] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-04 18:32:32,002] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-04 18:32:33,087] init() :: DotnetData entries: 3566
[INFO    ][2023-08-04 18:32:33,087] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1
[INFO    ][2023-08-04 18:32:33,087] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1
[INFO    ][2023-08-04 18:32:33,087] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1
[INFO    ][2023-08-04 18:32:33,088] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2
[INFO    ][2023-08-04 18:32:33,088] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1
[INFO    ][2023-08-04 18:32:33,088] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1
[INFO    ][2023-08-04 18:32:33,093] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-08-04 18:32:33,094] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:59:14,499] main() :: Using file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-08-06 16:59:14,499] handleFile() :: Handle file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-08-06 16:59:14,500] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 16:59:14,647] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 16:59:14,648] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 16:59:14,648] load() :: Loading HashCache
[INFO    ][2023-08-06 16:59:14,761] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 16:59:14,762] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:59:14,841] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 16:59:14,935] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 16:59:16,005] init() :: DotnetData entries: 3566
[INFO    ][2023-08-06 16:59:16,006] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1
[INFO    ][2023-08-06 16:59:16,006] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1
[INFO    ][2023-08-06 16:59:16,006] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1
[INFO    ][2023-08-06 16:59:16,006] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2
[INFO    ][2023-08-06 16:59:16,006] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1
[INFO    ][2023-08-06 16:59:16,007] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1
[INFO    ][2023-08-06 16:59:16,012] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-08-06 16:59:16,013] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:33:25,208] main() :: Using file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-08-06 17:33:25,209] handleFile() :: Handle file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-08-06 17:33:25,210] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 17:33:25,356] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 17:33:25,357] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 17:33:25,357] load() :: Loading HashCache
[INFO    ][2023-08-06 17:33:25,471] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 17:33:25,471] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:33:25,547] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 17:33:25,639] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 17:33:26,700] init() :: DotnetData entries: 3566
[INFO    ][2023-08-06 17:33:26,700] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1
[INFO    ][2023-08-06 17:33:26,700] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1
[INFO    ][2023-08-06 17:33:26,701] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1
[INFO    ][2023-08-06 17:33:26,701] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2
[INFO    ][2023-08-06 17:33:26,701] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1
[INFO    ][2023-08-06 17:33:26,701] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1
[INFO    ][2023-08-06 17:33:26,706] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-08-06 17:33:26,707] save() :: Saving HashCache (77569)
[INFO    ][2023-09-01 05:27:04,605] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-01 05:27:04,605] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-01 05:27:04,616] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-01 05:27:04,759] getDotNetSections() :: Offset: 7680
[WARNING ][2023-09-01 05:27:04,760] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-01 05:27:04,763] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-01 05:27:04,763] load() :: Loading HashCache
[INFO    ][2023-09-01 05:27:04,877] load() ::   85943 hashes loaded
[INFO    ][2023-09-01 05:27:04,878] save() :: Saving HashCache (85943)
[INFO    ][2023-09-01 05:27:04,960] save() :: Saving HashCache (85943)
[INFO    ][2023-09-24 19:22:49,170] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-24 19:22:49,170] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-24 19:22:49,180] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-24 19:22:49,181] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-24 19:22:49,222] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-24 19:22:49,222] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-24 19:22:49,222] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-24 19:22:49,323] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-24 19:22:49,440] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-24 19:22:49,442] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:22:49,443] load() :: Loading HashCache
[INFO    ][2023-09-24 19:22:49,574] load() ::   101712 hashes loaded
[INFO    ][2023-09-24 19:22:49,574] save() :: Saving HashCache (101712)
[INFO    ][2023-09-24 19:22:49,671] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-24 19:22:50,708] init() :: DotnetData entries: 3566
[INFO    ][2023-09-24 19:22:50,708] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1
[INFO    ][2023-09-24 19:22:50,708] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1
[INFO    ][2023-09-24 19:22:50,708] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1
[INFO    ][2023-09-24 19:22:50,709] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2
[INFO    ][2023-09-24 19:22:50,709] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1
[INFO    ][2023-09-24 19:22:50,709] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1
[INFO    ][2023-09-24 19:22:50,714] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:22:50,714] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:16:07,116] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-25 18:16:07,116] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-25 18:16:07,118] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:16:07,118] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:16:07,153] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:16:07,153] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:16:07,153] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:16:07,153] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:16:07,153] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:16:07,153] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:16:07,153] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:16:07,153] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:16:07,154] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:16:07,154] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:16:07,154] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:16:07,154] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:16:07,154] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:16:07,257] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:16:07,371] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:16:07,374] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:16:07,375] load() :: Loading HashCache
[INFO    ][2023-09-25 18:16:07,512] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:16:07,512] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:16:07,612] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:16:08,700] init() :: DotnetData entries: 3566
[INFO    ][2023-09-25 18:16:08,700] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1
[INFO    ][2023-09-25 18:16:08,700] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1
[INFO    ][2023-09-25 18:16:08,701] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1
[INFO    ][2023-09-25 18:16:08,701] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2
[INFO    ][2023-09-25 18:16:08,701] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1
[INFO    ][2023-09-25 18:16:08,701] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1
[INFO    ][2023-09-25 18:16:08,706] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:16:08,707] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:23:08,588] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-25 18:23:08,588] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-25 18:23:08,589] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:23:08,590] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:23:08,625] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:23:08,625] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:23:08,625] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:23:08,729] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:23:08,842] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:23:08,844] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:23:08,845] load() :: Loading HashCache
[INFO    ][2023-09-25 18:23:08,977] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:23:08,977] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:23:09,074] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:23:10,160] init() :: DotnetData entries: 3566
[INFO    ][2023-09-25 18:23:10,161] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1
[INFO    ][2023-09-25 18:23:10,161] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1
[INFO    ][2023-09-25 18:23:10,161] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1
[INFO    ][2023-09-25 18:23:10,161] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2
[INFO    ][2023-09-25 18:23:10,161] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1
[INFO    ][2023-09-25 18:23:10,162] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1
[INFO    ][2023-09-25 18:23:10,166] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:23:10,167] save() :: Saving HashCache (101712)
[INFO    ][2023-09-29 10:08:37,565] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-29 10:08:37,565] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-29 10:08:37,566] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 10:08:37,567] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 10:08:37,602] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 10:08:37,602] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 10:08:37,602] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 10:08:37,707] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 10:08:37,709] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:08:37,710] load() :: Loading HashCache
[INFO    ][2023-09-29 10:08:37,838] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 10:08:37,838] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 10:08:37,938] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 10:08:39,019] init() :: DotnetData entries: 3566
[INFO    ][2023-09-29 10:08:39,019] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1
[INFO    ][2023-09-29 10:08:39,020] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1
[INFO    ][2023-09-29 10:08:39,020] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1
[INFO    ][2023-09-29 10:08:39,020] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2
[INFO    ][2023-09-29 10:08:39,020] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1
[INFO    ][2023-09-29 10:08:39,020] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1
[INFO    ][2023-09-29 10:08:39,025] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:08:39,026] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:13:11,024] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-29 12:13:11,025] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-29 12:13:11,026] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 12:13:11,026] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 12:13:11,061] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 12:13:11,061] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:13:11,061] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:13:11,061] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 12:13:11,061] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 12:13:11,062] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 12:13:11,165] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 12:13:11,168] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:13:11,168] load() :: Loading HashCache
[INFO    ][2023-09-29 12:13:11,296] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 12:13:11,296] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:13:11,394] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 12:13:12,463] init() :: DotnetData entries: 3566
[INFO    ][2023-09-29 12:13:12,464] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1
[INFO    ][2023-09-29 12:13:12,464] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1
[INFO    ][2023-09-29 12:13:12,464] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1
[INFO    ][2023-09-29 12:13:12,464] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2
[INFO    ][2023-09-29 12:13:12,464] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1
[INFO    ][2023-09-29 12:13:12,465] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1
[INFO    ][2023-09-29 12:13:12,469] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:13:12,470] save() :: Saving HashCache (102070)
[INFO    ][2023-09-30 10:34:05,772] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-30 10:34:05,772] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe
[INFO    ][2023-09-30 10:34:05,773] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-30 10:34:05,774] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-30 10:34:05,809] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-30 10:34:05,809] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-30 10:34:05,809] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-30 10:34:05,915] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-30 10:34:05,917] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:34:05,918] load() :: Loading HashCache
[INFO    ][2023-09-30 10:34:06,047] load() ::   102072 hashes loaded
[INFO    ][2023-09-30 10:34:06,047] save() :: Saving HashCache (102072)
[INFO    ][2023-09-30 10:34:06,146] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-30 10:34:07,217] init() :: DotnetData entries: 3566
[INFO    ][2023-09-30 10:34:07,217] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1
[INFO    ][2023-09-30 10:34:07,217] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1
[INFO    ][2023-09-30 10:34:07,217] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1
[INFO    ][2023-09-30 10:34:07,218] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2
[INFO    ][2023-09-30 10:34:07,218] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1
[INFO    ][2023-09-30 10:34:07,218] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1
[INFO    ][2023-09-30 10:34:07,222] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:34:07,223] save() :: Saving HashCache (102072)