Name: | FA720EE223F9850C.SharpHound.exe.avira.exe |
Size: | 906,752 bytes |
Type: | EXE PE.NET |
MD5: | 76a2363d509cc7174c4abee9a7d7ae68 |
Scanner Name: | avira |
Appraisal: | Fragile (AND) based |
Scan Debug: | Duration: 134s / Chunks: 222 / Matches: 44 |
Scan date: | 2023-07-22 00:43:49 |
# | Iteration | Offset | Size | Section | Detail | SectionType | Conclusion |
---|---|---|---|---|---|---|---|
6 | 1 | 831402 | 9 | .text #~ | DATA | Dominant. Modify this to make file undetected | |
7 | 1 | 831420 | 9 | .text #~ | DATA | Dominant. Modify this to make file undetected | |
8 | 1 | 831432 | 18 | .text #~ | DATA | Dominant. Modify this to make file undetected | |
9 | 1 | 832323 | 6 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
10 | 1 | 832586 | 6 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
11 | 1 | 832646 | 6 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
14 | 2 | 858499 | 19 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
15 | 2 | 859108 | 9 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
16 | 2 | 865679 | 5 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
17 | 2 | 866274 | 13 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
18 | 2 | 866993 | 10 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
19 | 2 | 867569 | 19 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
22 | 2 | 868312 | 19 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
23 | 2 | 874813 | 10 | .text #Strings | DATA | Dominant. Modify this to make file undetected |
Dominant. Modify this to make file undetected |
000CAFAA 00 0A 57 1F A2 0B 09 0F 00 ..W......
Dominant. Modify this to make file undetected |
000CAFBC 01 00 00 00 D1 00 00 00 46 ........F
Dominant. Modify this to make file undetected |
000CAFC8 95 01 00 00 DC 01 00 00 36 01 00 00 29 00 00 00 ........6...)... 000CAFD8 CF 02 ..
Dominant. Modify this to make file undetected |
000CB343 00 30 24 52 29 2E .0$R).
Dominant. Modify this to make file undetected |
000CB44A 06 00 7D 2E 2B 08 ..}.+.
Dominant. Modify this to make file undetected |
000CB486 06 00 DE 47 92 2B ...G.+
Dominant. Modify this to make file undetected |
000D1983 65 65 64 73 53 50 4E 00 53 79 73 74 65 6D 2E 49 eedsSPN.System.I 000D1993 4F 00 47 O.G
Dominant. Modify this to make file undetected |
000D1BE4 00 4C 6F 61 64 00 54 72 79 .Load.Try
Dominant. Modify this to make file undetected |
000D358F 00 42 79 74 65 .Byte
Dominant. Modify this to make file undetected |
000D37E2 47 65 74 43 61 63 68 65 50 61 74 68 00 GetCachePath.
Dominant. Modify this to make file undetected |
000D3AB1 00 53 79 73 74 65 6D 00 52 61 .System.Ra
Dominant. Modify this to make file undetected |
000D3CF1 00 53 79 73 74 65 6D 2E 52 65 66 6C 65 63 74 69 .System.Reflecti 000D3D01 6F 6E 00 on.
Dominant. Modify this to make file undetected |
000D3FD8 61 64 65 72 00 54 65 78 74 52 65 61 64 65 72 00 ader.TextReader. 000D3FE8 41 73 73 Ass
Dominant. Modify this to make file undetected |
000D593D 67 41 73 73 65 6D 62 6C 79 00 gAssembly.
Test # | MatchOrder | ModifyPosition |
Match#0 methods 50b |
Match#1 methods 51b |
Match#2 methods 51b |
Match#3 methods 102b |
Match#4 methods 51b |
Match#5 methods 254b |
Match#6 #~ 9b |
Match#7 #~ 9b |
Match#8 #~ 18b |
Match#9 #~ 6b |
Match#10 #~ 6b |
Match#11 #~ 6b |
Match#12 #~ 6b |
Match#13 #~ 7b |
Match#14 #Strings 19b |
Match#15 #Strings 9b |
Match#16 #Strings 5b |
Match#17 #Strings 13b |
Match#18 #Strings 10b |
Match#19 #Strings 19b |
Match#20 #Strings 14b |
Match#21 #Strings 9b |
Match#22 #Strings 19b |
Match#23 #Strings 10b |
0 | ISOLATED | MIDDLE8 | ||||||||||||||||||||||||
1 | ISOLATED | THIRDS4 | ||||||||||||||||||||||||
2 | ISOLATED | FULL | ||||||||||||||||||||||||
3 | ISOLATED | FULLB | ||||||||||||||||||||||||
4 | INCREMENTAL | MIDDLE8 | 0 | 1 | 2 | 3 | 4 | 5 | 8 | 14 | 19 | 22 | ||||||||||||||
5 | INCREMENTAL | FULL | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 |
6 | DECREMENTAL | FULL | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
7 | ALL | MIDDLE8 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ||||||||||||||
8 | ALL | THIRDS4 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ||||||||||||||
9 | ALL | FULL | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Result |
[INFO ][2023-07-22 00:43:41,577] main() :: Using file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-07-22 00:43:41,577] handleFile() :: Handle file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-07-22 00:43:41,578] handleFile() :: Using parser for file type DOTNET [INFO ][2023-07-22 00:43:41,724] getDotNetSections() :: Offset: 7680 [INFO ][2023-07-22 00:43:41,725] handleFile() :: Using scanner from command line: avira [INFO ][2023-07-22 00:43:41,727] load() :: Loading HashCache [INFO ][2023-07-22 00:43:41,820] load() :: 74480 hashes loaded [INFO ][2023-07-22 00:43:49,997] handleFile() :: QuickCheck: FA720EE223F9850C.SharpHound.exe.avira.exe is detected by avira and not hash based [INFO ][2023-07-22 00:43:49,998] handleFile() :: Scanning for matches... [INFO ][2023-07-22 00:43:49,998] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact) [INFO ][2023-07-22 00:43:50,094] findDetectedSections() :: Hide: .text -> Detected: False [INFO ][2023-07-22 00:43:50,096] findDetectedSections() :: Hide: .rsrc -> Detected: True [INFO ][2023-07-22 00:43:50,097] findDetectedSections() :: Hide: .reloc -> Detected: True [INFO ][2023-07-22 00:43:52,887] findDetectedSections() :: Hide: Header -> Detected: False [INFO ][2023-07-22 00:43:55,820] findDetectedSections() :: Hide: DotNet Header -> Detected: False [INFO ][2023-07-22 00:43:58,671] findDetectedSections() :: Hide: Metadata Header -> Detected: False [INFO ][2023-07-22 00:43:58,673] findDetectedSections() :: Hide: methods -> Detected: False [INFO ][2023-07-22 00:44:01,679] findDetectedSections() :: Hide: #~ Stream Header -> Detected: False [INFO ][2023-07-22 00:44:04,413] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: False [INFO ][2023-07-22 00:44:07,378] findDetectedSections() :: Hide: #US Stream Header -> Detected: True [INFO ][2023-07-22 00:44:10,248] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True [INFO ][2023-07-22 00:44:13,024] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True [INFO ][2023-07-22 00:44:13,026] findDetectedSections() :: Hide: #~ -> Detected: False [INFO ][2023-07-22 00:44:13,027] findDetectedSections() :: Hide: #Strings -> Detected: False [INFO ][2023-07-22 00:44:13,029] findDetectedSections() :: Hide: #US -> Detected: True [INFO ][2023-07-22 00:44:13,030] findDetectedSections() :: Hide: #GUID -> Detected: True [INFO ][2023-07-22 00:44:13,032] findDetectedSections() :: Hide: #Blob -> Detected: True [INFO ][2023-07-22 00:44:13,032] scanForMatchesInPe() :: 3 section(s) trigger the antivirus independantly [INFO ][2023-07-22 00:44:13,032] scanForMatchesInPe() :: section: methods [INFO ][2023-07-22 00:44:13,032] scanForMatchesInPe() :: section: #~ [INFO ][2023-07-22 00:44:13,032] scanForMatchesInPe() :: section: #Strings [INFO ][2023-07-22 00:44:23,818] scanForMatchesInPe() :: Launching bytes analysis on section: methods (584-831288) [INFO ][2023-07-22 00:44:23,818] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:32 MinMatchSize:64 [INFO ][2023-07-22 00:44:23,818] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added) [INFO ][2023-07-22 00:44:23,858] _scanDataPart() :: Result: 6058-6108 (50b minChunk:32 X) 000017AA 06 00 53 00 00 00 00 00 00 00 04 6F 84 01 00 06 ..S........o.... 000017BA 72 26 06 00 70 28 0E 00 00 2B 28 94 00 00 0A 04 r&..p(...+(..... 000017CA 03 25 2D 1D 26 28 A2 00 00 0A 6F A3 00 00 0A 17 .%-.&(....o..... 000017DA 8D 25 .% [INFO ][2023-07-22 00:44:23,860] _scanDataPart() :: Result: 6210-6261 (51b minChunk:32 X) 00001842 00 06 0A 03 6F 84 01 00 06 72 E8 06 00 70 17 8D ....o....r...p.. 00001852 01 00 00 01 25 16 06 A2 28 94 00 00 0A 06 28 A4 ....%...(.....(. 00001862 00 00 0A 2D 19 03 6F 84 01 00 06 72 0E 07 00 70 ...-..o....r...p 00001872 28 0E 00 (.. [INFO ][2023-07-22 00:44:23,870] _scanDataPart() :: Result: 6311-6362 (51b minChunk:32 X) 000018A7 03 6F 84 01 00 06 72 72 07 00 70 17 8D 01 00 00 .o....rr..p..... 000018B7 01 25 16 07 6F A7 00 00 0A A2 28 8C 00 00 0A DE .%..o.....(..... 000018C7 1F 0C 03 6F 84 01 00 06 72 B4 07 00 70 17 8D 01 ...o....r...p... 000018D7 00 00 01 ... [INFO ][2023-07-22 00:44:23,877] _scanDataPart() :: Result: 6717-6768 (51b minChunk:32 X) 00001A3D 01 00 06 17 6F A6 01 00 06 03 17 8D 10 00 00 01 ....o........... 00001A4D 25 16 06 A2 6F 9B 01 00 06 03 6F 84 01 00 06 72 %...o.....o....r 00001A5D 66 0A 00 70 28 0E 00 00 2B 28 94 00 00 0A 03 2A f..p(...+(.....* 00001A6D 00 00 00 ... [INFO ][2023-07-22 00:44:23,880] _scanDataPart() :: Result: 6768-6819 (51b minChunk:32 X) 00001A70 13 30 06 00 68 00 00 00 15 00 00 11 03 6F 84 01 .0..h........o.. 00001A80 00 06 72 A8 0A 00 70 28 0E 00 00 2B 28 94 00 00 ..r...p(...+(... 00001A90 0A 03 6F 84 01 00 06 72 EA 0A 00 70 17 8D 01 00 ..o....r...p.... 00001AA0 00 01 25 ..% [INFO ][2023-07-22 00:44:23,897] _scanDataPart() :: Result: 11179-11230 (51b minChunk:32 X) 00002BAB 00 A9 01 00 00 29 00 00 11 02 7B 8D 00 00 04 0A .....)....{..... 00002BBB 02 7B 8F 00 00 04 0B 06 45 03 00 00 00 64 00 00 .{......E....d.. 00002BCB 00 D9 00 00 00 37 01 00 00 07 7B 86 00 00 04 6F .....7....{....o 00002BDB 62 01 00 b.. [INFO ][2023-07-22 00:44:23,899] _scanDataPart() :: Result: 11280-11331 (51b minChunk:32 X) 00002C10 00 00 0A 2D 3F 02 16 25 0A 7D 8D 00 00 04 02 09 ...-?..%.}...... 00002C20 7D 90 00 00 04 02 7C 8E 00 00 04 12 03 02 28 24 }.....|.......($ 00002C30 00 00 2B DD 24 01 00 00 02 7B 90 00 00 04 0D 02 ..+.$....{...... 00002C40 7C 90 00 |.. [INFO ][2023-07-22 00:44:23,904] _scanDataPart() :: Result: 11331-11381 (50b minChunk:32 X) 00002C43 00 04 FE 15 18 00 00 01 02 15 25 0A 7D 8D 00 00 ..........%.}... 00002C53 04 12 03 28 18 00 00 0A 07 7B 85 00 00 04 6F 0C ...(.....{....o. 00002C63 01 00 0A 12 05 FE 15 2D 00 00 01 11 05 6F 0F 01 .......-.....o.. 00002C73 00 0A .. [INFO ][2023-07-22 00:44:23,904] _scanDataPart() :: Result: 11381-11432 (51b minChunk:32 X) 00002C75 13 06 12 06 28 10 01 00 0A 13 04 12 04 28 11 01 ....(........(.. 00002C85 00 0A 2D 41 02 17 25 0A 7D 8D 00 00 04 02 11 04 ..-A..%.}....... 00002C95 7D 91 00 00 04 02 7C 8E 00 00 04 12 04 02 28 25 }.....|.......(% 00002CA5 00 00 2B ..+ [INFO ][2023-07-22 00:44:23,907] _scanDataPart() :: Result: 11432-11483 (51b minChunk:32 X) 00002CA8 DD AF 00 00 00 02 7B 91 00 00 04 13 04 02 7C 91 ......{.......|. 00002CB8 00 00 04 FE 15 2C 00 00 1B 02 15 25 0A 7D 8D 00 .....,.....%.}.. 00002CC8 00 04 12 04 28 12 01 00 0A 3A 15 FF FF FF 07 6F ....(....:.....o 00002CD8 13 01 00 ... [INFO ][2023-07-22 00:44:23,907] _scanDataPart() :: Result: 11483-11534 (51b minChunk:32 X) 00002CDB 0A 6F 15 00 00 0A 0D 12 03 28 16 00 00 0A 2D 3C .o.......(....-< 00002CEB 02 18 25 0A 7D 8D 00 00 04 02 09 7D 90 00 00 04 ..%.}......}.... 00002CFB 02 7C 8E 00 00 04 12 03 02 28 24 00 00 2B DE 51 .|.......($..+.Q 00002D0B 02 7B 90 .{. [INFO ][2023-07-22 00:44:23,908] scan() :: Reducer Result: Time:0 Chunks:45 MatchesAdded:11 MatchesFinal:6 [INFO ][2023-07-22 00:44:32,603] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (831396-856416) [INFO ][2023-07-22 00:44:32,603] scan() :: Reducer Start: ScanSpeed:Normal Iteration:1 MinChunkSize:2 MinMatchSize:4 [INFO ][2023-07-22 00:44:32,603] _printStatus() :: Reducing: 46 chunks done, found 0 matches (11 added) [INFO ][2023-07-22 00:44:32,639] _scanDataPart() :: Result: 831402-831408 (6 bytes) 000CAFAA 00 0A 57 1F A2 0B ..W... [INFO ][2023-07-22 00:44:32,644] _scanDataPart() :: Result: 831408-831411 (3b minChunk:2 X) 000CAFB0 09 0F 00 ... [INFO ][2023-07-22 00:44:38,134] _scanDataPart() :: Result: 831420-831426 (6 bytes) 000CAFBC 01 00 00 00 D1 00 ...... [INFO ][2023-07-22 00:44:38,134] _printStatus() :: Reducing: 65 chunks done, found 2 matches (14 added) [INFO ][2023-07-22 00:44:38,137] _scanDataPart() :: Result: 831426-831429 (3b minChunk:2 X) 000CAFC2 00 00 46 ..F [INFO ][2023-07-22 00:44:43,704] _scanDataPart() :: Result: 831432-831438 (6 bytes) 000CAFC8 95 01 00 00 DC 01 ...... [INFO ][2023-07-22 00:44:43,705] _printStatus() :: Reducing: 69 chunks done, found 3 matches (16 added) [INFO ][2023-07-22 00:44:49,192] _scanDataPart() :: Result: 831438-831444 (6 bytes) 000CAFCE 00 00 36 01 00 00 ..6... [INFO ][2023-07-22 00:44:49,192] _printStatus() :: Reducing: 70 chunks done, found 3 matches (17 added) [INFO ][2023-07-22 00:44:49,202] _scanDataPart() :: Result: 831444-831450 (6 bytes) 000CAFD4 29 00 00 00 CF 02 )..... [INFO ][2023-07-22 00:44:49,222] _scanDataPart() :: Result: 832323-832329 (6 bytes) 000CB343 00 30 24 52 29 2E .0$R). [INFO ][2023-07-22 00:44:49,240] _scanDataPart() :: Result: 832586-832592 (6 bytes) 000CB44A 06 00 7D 2E 2B 08 ..}.+. [INFO ][2023-07-22 00:44:49,249] _scanDataPart() :: Result: 832646-832652 (6 bytes) 000CB486 06 00 DE 47 92 2B ...G.+ [INFO ][2023-07-22 00:44:49,269] _scanDataPart() :: Doubling: minChunkSize: 2 minMatchSize: 4 [INFO ][2023-07-22 00:44:49,280] _scanDataPart() :: Result: 849042-849048 (6b minChunk:4 X) 000CF492 85 0A C0 2D E9 05 ...-.. [INFO ][2023-07-22 00:44:49,285] _scanDataPart() :: Result: 849078-849085 (7b minChunk:4 X) 000CF4B6 65 38 FE 2D E9 05 85 e8.-... [INFO ][2023-07-22 00:44:49,286] scan() :: Reducer Result: Time:17 Chunks:107 MatchesAdded:23 MatchesFinal:8 [INFO ][2023-07-22 00:44:57,868] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (856416-875304) [INFO ][2023-07-22 00:44:57,869] scan() :: Reducer Start: ScanSpeed:Normal Iteration:2 MinChunkSize:2 MinMatchSize:4 [INFO ][2023-07-22 00:44:57,869] _printStatus() :: Reducing: 108 chunks done, found 0 matches (23 added) [INFO ][2023-07-22 00:45:03,481] _printStatus() :: Reducing: 120 chunks done, found 0 matches (23 added) [INFO ][2023-07-22 00:45:03,481] _scanDataPart() :: Result: 858499-858503 (4b minChunk:2 X) 000D1983 65 65 64 73 eeds [INFO ][2023-07-22 00:45:03,481] _scanDataPart() :: Result: 858503-858508 (5b minChunk:2 X) 000D1987 53 50 4E 00 53 SPN.S [INFO ][2023-07-22 00:45:08,777] _printStatus() :: Reducing: 123 chunks done, found 1 matches (25 added) [INFO ][2023-07-22 00:45:08,777] _scanDataPart() :: Result: 858508-858513 (5b minChunk:2 X) 000D198C 79 73 74 65 6D ystem [INFO ][2023-07-22 00:45:08,778] _scanDataPart() :: Result: 858513-858518 (5b minChunk:2 X) 000D1991 2E 49 4F 00 47 .IO.G [INFO ][2023-07-22 00:45:08,800] _scanDataPart() :: Result: 859108-859117 (9 bytes) 000D1BE4 00 4C 6F 61 64 00 54 72 79 .Load.Try [INFO ][2023-07-22 00:45:08,828] _scanDataPart() :: Result: 865679-865684 (5b minChunk:2 X) 000D358F 00 42 79 74 65 .Byte [INFO ][2023-07-22 00:45:14,541] _printStatus() :: Reducing: 155 chunks done, found 3 matches (29 added) [INFO ][2023-07-22 00:45:20,171] _printStatus() :: Reducing: 156 chunks done, found 3 matches (29 added) [INFO ][2023-07-22 00:45:20,171] _scanDataPart() :: Result: 866274-866278 (4b minChunk:2 X) 000D37E2 47 65 74 43 GetC [INFO ][2023-07-22 00:45:20,172] _scanDataPart() :: Result: 866278-866283 (5b minChunk:2 X) 000D37E6 61 63 68 65 50 acheP [INFO ][2023-07-22 00:45:25,754] _printStatus() :: Reducing: 159 chunks done, found 4 matches (31 added) [INFO ][2023-07-22 00:45:31,326] _printStatus() :: Reducing: 160 chunks done, found 4 matches (31 added) [INFO ][2023-07-22 00:45:31,326] _scanDataPart() :: Result: 866283-866287 (4b minChunk:2 X) 000D37EB 61 74 68 00 ath. [INFO ][2023-07-22 00:45:31,344] _scanDataPart() :: Result: 866993-866998 (5b minChunk:2 X) 000D3AB1 00 53 79 73 74 .Syst [INFO ][2023-07-22 00:45:31,344] _scanDataPart() :: Result: 866998-867003 (5b minChunk:2 X) 000D3AB6 65 6D 00 52 61 em.Ra [INFO ][2023-07-22 00:45:36,892] _printStatus() :: Reducing: 177 chunks done, found 5 matches (34 added) [INFO ][2023-07-22 00:45:42,257] _printStatus() :: Reducing: 178 chunks done, found 5 matches (34 added) [INFO ][2023-07-22 00:45:42,257] _scanDataPart() :: Result: 867569-867574 (5b minChunk:2 X) 000D3CF1 00 53 79 73 74 .Syst [INFO ][2023-07-22 00:45:47,862] _printStatus() :: Reducing: 180 chunks done, found 6 matches (35 added) [INFO ][2023-07-22 00:45:53,261] _scanDataPart() :: Result: 867574-867583 (9 bytes) 000D3CF6 65 6D 2E 52 65 66 6C 65 63 em.Reflec [INFO ][2023-07-22 00:45:53,262] _printStatus() :: Reducing: 181 chunks done, found 6 matches (36 added) [INFO ][2023-07-22 00:45:58,665] _printStatus() :: Reducing: 182 chunks done, found 6 matches (36 added) [INFO ][2023-07-22 00:45:58,665] _scanDataPart() :: Result: 867583-867588 (5b minChunk:2 X) 000D3CFF 74 69 6F 6E 00 tion. [INFO ][2023-07-22 00:45:58,682] _scanDataPart() :: Result: 867693-867698 (5b minChunk:2 X) 000D3D6D 6E 00 73 65 74 n.set [INFO ][2023-07-22 00:45:58,682] _scanDataPart() :: Result: 867698-867703 (5b minChunk:2 X) 000D3D72 5F 50 6F 73 69 _Posi [INFO ][2023-07-22 00:45:58,692] _scanDataPart() :: Result: 867703-867707 (4b minChunk:2 X) 000D3D77 74 69 6F 6E tion [INFO ][2023-07-22 00:45:58,699] _scanDataPart() :: Doubling: minChunkSize: 2 minMatchSize: 4 [INFO ][2023-07-22 00:45:58,704] _scanDataPart() :: Result: 868193-868202 (9b minChunk:4 X) 000D3F61 6C 65 61 72 00 43 68 61 72 lear.Char [INFO ][2023-07-22 00:45:58,724] _scanDataPart() :: Result: 868312-868321 (9b minChunk:4 X) 000D3FD8 61 64 65 72 00 54 65 78 74 ader.Text [INFO ][2023-07-22 00:46:03,976] _scanDataPart() :: Result: 868321-868331 (10 bytes) 000D3FE1 52 65 61 64 65 72 00 41 73 73 Reader.Ass [INFO ][2023-07-22 00:46:03,977] _printStatus() :: Reducing: 213 chunks done, found 9 matches (43 added) [INFO ][2023-07-22 00:46:04,005] _scanDataPart() :: Result: 874813-874823 (10 bytes) 000D593D 67 41 73 73 65 6D 62 6C 79 00 gAssembly. [INFO ][2023-07-22 00:46:04,006] scan() :: Reducer Result: Time:66 Chunks:222 MatchesAdded:44 MatchesFinal:10 [INFO ][2023-07-22 00:46:04,006] handleFile() :: Result: 24 matches [INFO ][2023-07-22 00:46:04,006] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-07-22 00:46:06,817] save() :: Saving HashCache (74533) [INFO ][2023-07-22 00:46:06,901] verifyFile() :: Perform verification of matches [INFO ][2023-07-22 00:46:06,901] runVerifications() :: Verify 24 matches [INFO ][2023-07-22 00:46:29,877] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED [INFO ][2023-07-22 00:46:52,247] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED [INFO ][2023-07-22 00:47:25,606] runVerifications() :: Verification run: 2 FULL ISOLATED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED [INFO ][2023-07-22 00:47:58,601] runVerifications() :: Verification run: 3 FULLB ISOLATED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED [INFO ][2023-07-22 00:48:23,902] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL Idx: 0 result: ScanResult.DETECTED Idx: 1 result: ScanResult.DETECTED Idx: 2 result: ScanResult.DETECTED Idx: 3 result: ScanResult.DETECTED Idx: 4 result: ScanResult.DETECTED Idx: 5 result: ScanResult.DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 8 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 14 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 19 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 22 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED [INFO ][2023-07-22 00:49:27,440] runVerifications() :: Verification run: 5 FULL INCREMENTAL Idx: 0 result: ScanResult.DETECTED Idx: 1 result: ScanResult.DETECTED Idx: 2 result: ScanResult.DETECTED Idx: 3 result: ScanResult.DETECTED Idx: 4 result: ScanResult.DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 10 result: ScanResult.NOT_DETECTED Idx: 11 result: ScanResult.NOT_DETECTED Idx: 12 result: ScanResult.NOT_DETECTED Idx: 13 result: ScanResult.NOT_DETECTED Idx: 14 result: ScanResult.NOT_DETECTED Idx: 15 result: ScanResult.NOT_DETECTED Idx: 16 result: ScanResult.NOT_DETECTED Idx: 17 result: ScanResult.NOT_DETECTED Idx: 18 result: ScanResult.NOT_DETECTED Idx: 19 result: ScanResult.NOT_DETECTED Idx: 20 result: ScanResult.NOT_DETECTED Idx: 21 result: ScanResult.NOT_DETECTED Idx: 22 result: ScanResult.NOT_DETECTED Idx: 23 result: ScanResult.NOT_DETECTED [INFO ][2023-07-22 00:50:24,743] runVerifications() :: Verification run: 6 FULL DECREMENTAL Idx: 23 result: ScanResult.NOT_DETECTED Idx: 22 result: ScanResult.NOT_DETECTED Idx: 21 result: ScanResult.NOT_DETECTED Idx: 20 result: ScanResult.NOT_DETECTED Idx: 19 result: ScanResult.NOT_DETECTED Idx: 18 result: ScanResult.NOT_DETECTED Idx: 17 result: ScanResult.NOT_DETECTED Idx: 16 result: ScanResult.NOT_DETECTED Idx: 15 result: ScanResult.NOT_DETECTED Idx: 14 result: ScanResult.NOT_DETECTED Idx: 13 result: ScanResult.NOT_DETECTED Idx: 12 result: ScanResult.NOT_DETECTED Idx: 11 result: ScanResult.NOT_DETECTED Idx: 10 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-22 00:50:24,745] runVerifications() :: Verification run: 7 MIDDLE8 ALL result: ScanResult.NOT_SCANNED Idx: 0 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 0 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 0 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 0 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-22 00:50:27,214] runVerifications() :: Verification run: 8 THIRDS4 ALL result: ScanResult.NOT_SCANNED Idx: 0 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 0 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 0 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 0 result: ScanResult.NOT_DETECTED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-22 00:50:27,216] runVerifications() :: Verification run: 9 FULL ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-22 00:50:27,216] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-07-22 00:50:27,217] augmentFile() :: Perform augmentation of matches [INFO ][2023-07-22 00:50:27,327] getDotNetSections() :: Offset: 7680 [INFO ][2023-07-22 00:50:27,756] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1 [INFO ][2023-07-22 00:50:27,756] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1 [INFO ][2023-07-22 00:50:27,757] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1 [INFO ][2023-07-22 00:50:27,757] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2 [INFO ][2023-07-22 00:50:27,757] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1 [INFO ][2023-07-22 00:50:27,757] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1 [INFO ][2023-07-22 00:50:27,760] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-07-22 00:50:27,761] outflankFile() :: Attempt to outflank the file [INFO ][2023-07-22 00:50:27,762] outflankDotnet() :: Outflank failed with attempted 0 patches [INFO ][2023-07-22 00:50:27,762] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-07-22 00:50:27,763] save() :: Saving HashCache (74627) [INFO ][2023-08-04 18:32:31,572] main() :: Using file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-08-04 18:32:31,573] handleFile() :: Handle file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-08-04 18:32:31,574] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-04 18:32:31,719] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-04 18:32:31,720] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-08-04 18:32:31,720] load() :: Loading HashCache [INFO ][2023-08-04 18:32:31,832] load() :: 77569 hashes loaded [INFO ][2023-08-04 18:32:31,832] save() :: Saving HashCache (77569) [INFO ][2023-08-04 18:32:31,909] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-04 18:32:32,002] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-04 18:32:33,087] init() :: DotnetData entries: 3566 [INFO ][2023-08-04 18:32:33,087] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1 [INFO ][2023-08-04 18:32:33,087] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1 [INFO ][2023-08-04 18:32:33,087] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1 [INFO ][2023-08-04 18:32:33,088] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2 [INFO ][2023-08-04 18:32:33,088] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1 [INFO ][2023-08-04 18:32:33,088] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1 [INFO ][2023-08-04 18:32:33,093] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-08-04 18:32:33,094] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:59:14,499] main() :: Using file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-08-06 16:59:14,499] handleFile() :: Handle file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-08-06 16:59:14,500] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-06 16:59:14,647] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-06 16:59:14,648] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-08-06 16:59:14,648] load() :: Loading HashCache [INFO ][2023-08-06 16:59:14,761] load() :: 77569 hashes loaded [INFO ][2023-08-06 16:59:14,762] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:59:14,841] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 16:59:14,935] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-06 16:59:16,005] init() :: DotnetData entries: 3566 [INFO ][2023-08-06 16:59:16,006] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1 [INFO ][2023-08-06 16:59:16,006] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1 [INFO ][2023-08-06 16:59:16,006] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1 [INFO ][2023-08-06 16:59:16,006] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2 [INFO ][2023-08-06 16:59:16,006] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1 [INFO ][2023-08-06 16:59:16,007] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1 [INFO ][2023-08-06 16:59:16,012] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-08-06 16:59:16,013] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:33:25,208] main() :: Using file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-08-06 17:33:25,209] handleFile() :: Handle file: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-08-06 17:33:25,210] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-06 17:33:25,356] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-06 17:33:25,357] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-08-06 17:33:25,357] load() :: Loading HashCache [INFO ][2023-08-06 17:33:25,471] load() :: 77569 hashes loaded [INFO ][2023-08-06 17:33:25,471] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:33:25,547] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 17:33:25,639] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-06 17:33:26,700] init() :: DotnetData entries: 3566 [INFO ][2023-08-06 17:33:26,700] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1 [INFO ][2023-08-06 17:33:26,700] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1 [INFO ][2023-08-06 17:33:26,701] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1 [INFO ][2023-08-06 17:33:26,701] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2 [INFO ][2023-08-06 17:33:26,701] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1 [INFO ][2023-08-06 17:33:26,701] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1 [INFO ][2023-08-06 17:33:26,706] saveToFile() :: Saving results to: app/upload/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-08-06 17:33:26,707] save() :: Saving HashCache (77569) [INFO ][2023-09-01 05:27:04,605] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-01 05:27:04,605] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-01 05:27:04,616] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-01 05:27:04,759] getDotNetSections() :: Offset: 7680 [WARNING ][2023-09-01 05:27:04,760] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-01 05:27:04,763] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-01 05:27:04,763] load() :: Loading HashCache [INFO ][2023-09-01 05:27:04,877] load() :: 85943 hashes loaded [INFO ][2023-09-01 05:27:04,878] save() :: Saving HashCache (85943) [INFO ][2023-09-01 05:27:04,960] save() :: Saving HashCache (85943) [INFO ][2023-09-24 19:22:49,170] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-24 19:22:49,170] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-24 19:22:49,180] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-24 19:22:49,181] parseFile() :: FilePe: Parse File [INFO ][2023-09-24 19:22:49,222] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-24 19:22:49,222] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-24 19:22:49,222] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-24 19:22:49,222] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-24 19:22:49,323] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-24 19:22:49,440] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-24 19:22:49,442] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-24 19:22:49,443] load() :: Loading HashCache [INFO ][2023-09-24 19:22:49,574] load() :: 101712 hashes loaded [INFO ][2023-09-24 19:22:49,574] save() :: Saving HashCache (101712) [INFO ][2023-09-24 19:22:49,671] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-24 19:22:50,708] init() :: DotnetData entries: 3566 [INFO ][2023-09-24 19:22:50,708] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1 [INFO ][2023-09-24 19:22:50,708] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1 [INFO ][2023-09-24 19:22:50,708] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1 [INFO ][2023-09-24 19:22:50,709] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2 [INFO ][2023-09-24 19:22:50,709] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1 [INFO ][2023-09-24 19:22:50,709] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1 [INFO ][2023-09-24 19:22:50,714] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-24 19:22:50,714] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:16:07,116] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-25 18:16:07,116] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-25 18:16:07,118] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-25 18:16:07,118] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:16:07,153] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:16:07,153] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:16:07,153] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:16:07,153] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-25 18:16:07,153] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:16:07,153] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:16:07,153] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:16:07,153] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-25 18:16:07,154] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:16:07,154] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:16:07,154] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:16:07,154] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-25 18:16:07,154] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-25 18:16:07,257] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-25 18:16:07,371] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-25 18:16:07,374] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-25 18:16:07,375] load() :: Loading HashCache [INFO ][2023-09-25 18:16:07,512] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:16:07,512] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:16:07,612] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:16:08,700] init() :: DotnetData entries: 3566 [INFO ][2023-09-25 18:16:08,700] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1 [INFO ][2023-09-25 18:16:08,700] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1 [INFO ][2023-09-25 18:16:08,701] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1 [INFO ][2023-09-25 18:16:08,701] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2 [INFO ][2023-09-25 18:16:08,701] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1 [INFO ][2023-09-25 18:16:08,701] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1 [INFO ][2023-09-25 18:16:08,706] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-25 18:16:08,707] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:23:08,588] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-25 18:23:08,588] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-25 18:23:08,589] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-25 18:23:08,590] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:23:08,625] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:23:08,625] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:23:08,625] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-25 18:23:08,625] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-25 18:23:08,729] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-25 18:23:08,842] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-25 18:23:08,844] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-25 18:23:08,845] load() :: Loading HashCache [INFO ][2023-09-25 18:23:08,977] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:23:08,977] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:23:09,074] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:23:10,160] init() :: DotnetData entries: 3566 [INFO ][2023-09-25 18:23:10,161] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1 [INFO ][2023-09-25 18:23:10,161] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1 [INFO ][2023-09-25 18:23:10,161] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1 [INFO ][2023-09-25 18:23:10,161] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2 [INFO ][2023-09-25 18:23:10,161] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1 [INFO ][2023-09-25 18:23:10,162] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1 [INFO ][2023-09-25 18:23:10,166] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-25 18:23:10,167] save() :: Saving HashCache (101712) [INFO ][2023-09-29 10:08:37,565] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-29 10:08:37,565] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-29 10:08:37,566] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-29 10:08:37,567] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 10:08:37,602] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 10:08:37,602] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 10:08:37,602] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-29 10:08:37,602] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-29 10:08:37,707] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-29 10:08:37,709] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-29 10:08:37,710] load() :: Loading HashCache [INFO ][2023-09-29 10:08:37,838] load() :: 102070 hashes loaded [INFO ][2023-09-29 10:08:37,838] save() :: Saving HashCache (102070) [INFO ][2023-09-29 10:08:37,938] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 10:08:39,019] init() :: DotnetData entries: 3566 [INFO ][2023-09-29 10:08:39,019] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1 [INFO ][2023-09-29 10:08:39,020] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1 [INFO ][2023-09-29 10:08:39,020] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1 [INFO ][2023-09-29 10:08:39,020] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2 [INFO ][2023-09-29 10:08:39,020] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1 [INFO ][2023-09-29 10:08:39,020] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1 [INFO ][2023-09-29 10:08:39,025] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-29 10:08:39,026] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:13:11,024] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-29 12:13:11,025] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-29 12:13:11,026] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-29 12:13:11,026] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 12:13:11,061] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 12:13:11,061] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 12:13:11,061] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 12:13:11,061] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-29 12:13:11,061] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 12:13:11,062] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-29 12:13:11,062] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-29 12:13:11,165] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-29 12:13:11,168] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-29 12:13:11,168] load() :: Loading HashCache [INFO ][2023-09-29 12:13:11,296] load() :: 102070 hashes loaded [INFO ][2023-09-29 12:13:11,296] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:13:11,394] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 12:13:12,463] init() :: DotnetData entries: 3566 [INFO ][2023-09-29 12:13:12,464] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1 [INFO ][2023-09-29 12:13:12,464] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1 [INFO ][2023-09-29 12:13:12,464] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1 [INFO ][2023-09-29 12:13:12,464] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2 [INFO ][2023-09-29 12:13:12,464] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1 [INFO ][2023-09-29 12:13:12,465] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1 [INFO ][2023-09-29 12:13:12,469] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-29 12:13:12,470] save() :: Saving HashCache (102070) [INFO ][2023-09-30 10:34:05,772] main() :: Using file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-30 10:34:05,772] handleFile() :: Handle file: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe [INFO ][2023-09-30 10:34:05,773] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-30 10:34:05,774] parseFile() :: FilePe: Parse File [INFO ][2023-09-30 10:34:05,809] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-30 10:34:05,809] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-30 10:34:05,809] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-30 10:34:05,809] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-30 10:34:05,915] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-30 10:34:05,917] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-30 10:34:05,918] load() :: Loading HashCache [INFO ][2023-09-30 10:34:06,047] load() :: 102072 hashes loaded [INFO ][2023-09-30 10:34:06,047] save() :: Saving HashCache (102072) [INFO ][2023-09-30 10:34:06,146] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-30 10:34:07,217] init() :: DotnetData entries: 3566 [INFO ][2023-09-30 10:34:07,217] disassembleDotNet() :: Match physical 6058/0x17AA, method disassemblies found: 1 [INFO ][2023-09-30 10:34:07,217] disassembleDotNet() :: Match physical 6210/0x1842, method disassemblies found: 1 [INFO ][2023-09-30 10:34:07,217] disassembleDotNet() :: Match physical 6311/0x18A7, method disassemblies found: 1 [INFO ][2023-09-30 10:34:07,218] disassembleDotNet() :: Match physical 6717/0x1A3D, method disassemblies found: 2 [INFO ][2023-09-30 10:34:07,218] disassembleDotNet() :: Match physical 11179/0x2BAB, method disassemblies found: 1 [INFO ][2023-09-30 10:34:07,218] disassembleDotNet() :: Match physical 11280/0x2C10, method disassemblies found: 1 [INFO ][2023-09-30 10:34:07,222] saveToFile() :: Saving results to: app/examples/FA720EE223F9850C.SharpHound.exe.avira.exe.outcome [INFO ][2023-09-30 10:34:07,223] save() :: Saving HashCache (102072)