mirror of
https://github.com/github/codeql.git
synced 2026-04-29 10:45:15 +02:00
Adding unit tests
This commit is contained in:
Raul Garcia (MSFT)
@@ -0,0 +1 @@
|
||||
| test.cs:31:9:31:74 | call to method InitiateSystemShutdownExW | Call to an external method 'InitiateSystemShutdownExW'. |
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql
|
||||
@@ -0,0 +1,23 @@
|
||||
edges
|
||||
| test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:36:70:48 | access to local variable lastWriteTime |
|
||||
| test.cs:70:13:70:71 | call to method CompareTo : Int32 | test.cs:70:13:70:76 | ... >= ... |
|
||||
| test.cs:70:36:70:48 | access to local variable lastWriteTime | test.cs:70:36:70:70 | call to method AddHours |
|
||||
| test.cs:70:36:70:48 | access to local variable lastWriteTime | test.cs:70:36:70:70 | call to method AddHours : DateTime |
|
||||
| test.cs:70:36:70:48 | access to local variable lastWriteTime : DateTime | test.cs:70:36:70:70 | call to method AddHours |
|
||||
| test.cs:70:36:70:48 | access to local variable lastWriteTime : DateTime | test.cs:70:36:70:70 | call to method AddHours : DateTime |
|
||||
| test.cs:70:36:70:70 | call to method AddHours | test.cs:70:13:70:71 | call to method CompareTo |
|
||||
| test.cs:70:36:70:70 | call to method AddHours | test.cs:70:13:70:71 | call to method CompareTo : Int32 |
|
||||
| test.cs:70:36:70:70 | call to method AddHours : DateTime | test.cs:70:13:70:71 | call to method CompareTo |
|
||||
| test.cs:70:36:70:70 | call to method AddHours : DateTime | test.cs:70:13:70:71 | call to method CompareTo : Int32 |
|
||||
#select
|
||||
| test.cs:70:9:73:9 | if (...) ... | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:13:70:71 | call to method CompareTo | Possible TimeBomb logic triggered by $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:70:13:70:71 | call to method CompareTo | call to method CompareTo | test.cs:70:36:70:70 | call to method AddHours | an offset | test.cs:68:34:68:76 | call to method GetLastWriteTime | last modification time of a file |
|
||||
| test.cs:70:9:73:9 | if (...) ... | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:13:70:71 | call to method CompareTo : Int32 | Possible TimeBomb logic triggered by $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:70:13:70:71 | call to method CompareTo | call to method CompareTo | test.cs:70:36:70:70 | call to method AddHours | an offset | test.cs:68:34:68:76 | call to method GetLastWriteTime | last modification time of a file |
|
||||
| test.cs:70:9:73:9 | if (...) ... | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:13:70:76 | ... >= ... | Possible TimeBomb logic triggered by $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:70:13:70:71 | call to method CompareTo | call to method CompareTo | test.cs:70:36:70:70 | call to method AddHours | an offset | test.cs:68:34:68:76 | call to method GetLastWriteTime | last modification time of a file |
|
||||
| test.cs:70:9:73:9 | if (...) ... | test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | test.cs:70:13:70:76 | ... >= ... : Boolean | Possible TimeBomb logic triggered by $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:70:13:70:71 | call to method CompareTo | call to method CompareTo | test.cs:70:36:70:70 | call to method AddHours | an offset | test.cs:68:34:68:76 | call to method GetLastWriteTime | last modification time of a file |
|
||||
nodes
|
||||
| test.cs:68:34:68:76 | call to method GetLastWriteTime : DateTime | semmle.label | call to method GetLastWriteTime : DateTime |
|
||||
| test.cs:70:13:70:71 | call to method CompareTo | semmle.label | call to method CompareTo |
|
||||
| test.cs:70:13:70:71 | call to method CompareTo : Int32 | semmle.label | call to method CompareTo : Int32 |
|
||||
| test.cs:70:13:70:76 | ... >= ... | semmle.label | ... >= ... |
|
||||
| test.cs:70:36:70:48 | access to local variable lastWriteTime | semmle.label | access to local variable lastWriteTime |
|
||||
| test.cs:70:36:70:70 | call to method AddHours | semmle.label | call to method AddHours |
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security Features/backdoor/PotentialTimeBomb.ql
|
||||
@@ -0,0 +1,3 @@
|
||||
edges
|
||||
nodes
|
||||
#select
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql
|
||||
@@ -0,0 +1,76 @@
|
||||
using System;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Text;
|
||||
|
||||
namespace System.IO
|
||||
{
|
||||
public class File
|
||||
{
|
||||
public static DateTime GetLastWriteTime(string s)
|
||||
{
|
||||
return new DateTime(DateTime.MaxValue.Ticks);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
namespace System.Diagnostics
|
||||
{
|
||||
public class Process
|
||||
{
|
||||
public static string GetCurrentProcess() { return "test"; }
|
||||
}
|
||||
}
|
||||
|
||||
class External {
|
||||
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
|
||||
[return: MarshalAs(UnmanagedType.Bool)]
|
||||
public static extern bool InitiateSystemShutdownExW([In] string lpMachineName, [In] string lpMessage, [In] uint dwTimeout, [MarshalAs(UnmanagedType.Bool)][In] bool bForceAppsClosed, [MarshalAs(UnmanagedType.Bool)][In] bool bRebootAfterShutdown, [In] uint dwReason);
|
||||
|
||||
void TestDangerousNativeFunctionCall()
|
||||
{
|
||||
InitiateSystemShutdownExW(null, null, 0U, true, true, 2147745794U); // BUG : DangerousNativeFunctionCall
|
||||
}
|
||||
|
||||
ulong GetFvnHash(string s)
|
||||
{
|
||||
ulong num = 14695981039346656037UL; /* FNV base offset */
|
||||
try
|
||||
{
|
||||
foreach (byte b in Encoding.UTF8.GetBytes(s))
|
||||
{
|
||||
num ^= (ulong)b;
|
||||
num *= 1099511628211UL; /* FNV prime */
|
||||
}
|
||||
}
|
||||
catch
|
||||
{
|
||||
}
|
||||
// regular FVN
|
||||
return num;
|
||||
}
|
||||
|
||||
void IndirectTestProcessNameToHashTaintFlow( string s)
|
||||
{
|
||||
GetFvnHash(s); // BUG : ProcessNameToHashTaintFlow
|
||||
}
|
||||
|
||||
void TestProcessNameToHashTaintFlow()
|
||||
{
|
||||
GetFvnHash( System.Diagnostics.Process.GetCurrentProcess() ); // BUG : ProcessNameToHashTaintFlow
|
||||
|
||||
string proc = System.Diagnostics.Process.GetCurrentProcess();
|
||||
|
||||
IndirectTestProcessNameToHashTaintFlow( proc );
|
||||
}
|
||||
|
||||
void TestTimeBomb()
|
||||
{
|
||||
DateTime lastWriteTime = System.IO.File.GetLastWriteTime("someFile");
|
||||
int num = new Random().Next(288, 336);
|
||||
if (DateTime.Now.CompareTo(lastWriteTime.AddHours((double)num)) >= 0) // BUG : Potential time bomb
|
||||
{
|
||||
// Some code here
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
| test.cs:40:16:40:36 | 6605813339339102567 | The variable $@ seems to be used as part of a FNV-like hash calculation, that is modified by an additional $@ expression using literal $@. | test.cs:26:9:26:11 | num | num | test.cs:40:10:40:36 | ... ^ ... | xor | test.cs:40:16:40:36 | 6605813339339102567 | 6605813339339102567 |
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security Features/campaign/Solorigate/ModifiedFnvFunctionDetection.ql
|
||||
@@ -0,0 +1 @@
|
||||
| test.cs:43:7:43:15 | JobEngine | The enum $@ may be related to Solorigate. It matches 19 of the values used for commands in the enum. | test.cs:43:7:43:15 | JobEngine | JobEngine |
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security Features/campaign/Solorigate/NumberOfKnownCommandsAboveThreshold.ql
|
||||
@@ -0,0 +1,248 @@
|
||||
| test.cs:10:15:10:36 | 14695981039346656037 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:10:15:10:36 | 14695981039346656037 | 14695981039346656037 |
|
||||
| test.cs:15:11:15:25 | 1099511628211 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:15:11:15:25 | 1099511628211 | 1099511628211 |
|
||||
| test.cs:26:15:26:36 | 14695981039346656037 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:26:15:26:36 | 14695981039346656037 | 14695981039346656037 |
|
||||
| test.cs:32:12:32:26 | 1099511628211 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:32:12:32:26 | 1099511628211 | 1099511628211 |
|
||||
| test.cs:40:16:40:36 | 6605813339339102567 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:40:16:40:36 | 6605813339339102567 | 6605813339339102567 |
|
||||
| test.cs:173:5:173:24 | 10063651499895178962 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:173:5:173:24 | 10063651499895178962 | 10063651499895178962 |
|
||||
| test.cs:173:27:173:46 | 10235971842993272939 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:173:27:173:46 | 10235971842993272939 | 10235971842993272939 |
|
||||
| test.cs:173:49:173:68 | 10296494671777307979 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:173:49:173:68 | 10296494671777307979 | 10296494671777307979 |
|
||||
| test.cs:174:5:174:24 | 10336842116636872171 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:174:5:174:24 | 10336842116636872171 | 10336842116636872171 |
|
||||
| test.cs:174:27:174:46 | 10374841591685794123 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:174:27:174:46 | 10374841591685794123 | 10374841591685794123 |
|
||||
| test.cs:174:49:174:68 | 10393903804869831898 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:174:49:174:68 | 10393903804869831898 | 10393903804869831898 |
|
||||
| test.cs:175:5:175:24 | 10463926208560207521 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:175:5:175:24 | 10463926208560207521 | 10463926208560207521 |
|
||||
| test.cs:175:27:175:46 | 10484659978517092504 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:175:27:175:46 | 10484659978517092504 | 10484659978517092504 |
|
||||
| test.cs:175:49:175:68 | 10501212300031893463 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:175:49:175:68 | 10501212300031893463 | 10501212300031893463 |
|
||||
| test.cs:176:5:176:24 | 10545868833523019926 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:176:5:176:24 | 10545868833523019926 | 10545868833523019926 |
|
||||
| test.cs:176:27:176:46 | 10657751674541025650 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:176:27:176:46 | 10657751674541025650 | 10657751674541025650 |
|
||||
| test.cs:176:49:176:66 | 106672141413120087 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:176:49:176:66 | 106672141413120087 | 106672141413120087 |
|
||||
| test.cs:176:69:176:88 | 10734127004244879770 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:176:69:176:88 | 10734127004244879770 | 10734127004244879770 |
|
||||
| test.cs:177:5:177:24 | 10829648878147112121 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:177:5:177:24 | 10829648878147112121 | 10829648878147112121 |
|
||||
| test.cs:177:27:177:39 | 1099511628211 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:177:27:177:39 | 1099511628211 | 1099511628211 |
|
||||
| test.cs:177:42:177:61 | 11073283311104541690 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:177:42:177:61 | 11073283311104541690 | 11073283311104541690 |
|
||||
| test.cs:177:64:177:82 | 1109067043404435916 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:177:64:177:82 | 1109067043404435916 | 1109067043404435916 |
|
||||
| test.cs:178:5:178:24 | 11109294216876344399 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:178:5:178:24 | 11109294216876344399 | 11109294216876344399 |
|
||||
| test.cs:178:27:178:46 | 11266044540366291518 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:178:27:178:46 | 11266044540366291518 | 11266044540366291518 |
|
||||
| test.cs:178:49:178:68 | 11385275378891906608 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:178:49:178:68 | 11385275378891906608 | 11385275378891906608 |
|
||||
| test.cs:179:5:179:24 | 11771945869106552231 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:179:5:179:24 | 11771945869106552231 | 11771945869106552231 |
|
||||
| test.cs:179:27:179:46 | 11801746708619571308 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:179:27:179:46 | 11801746708619571308 | 11801746708619571308 |
|
||||
| test.cs:179:49:179:68 | 11818825521849580123 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:179:49:179:68 | 11818825521849580123 | 11818825521849580123 |
|
||||
| test.cs:180:5:180:24 | 11913842725949116895 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:180:5:180:24 | 11913842725949116895 | 11913842725949116895 |
|
||||
| test.cs:180:27:180:46 | 12027963942392743532 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:180:27:180:46 | 12027963942392743532 | 12027963942392743532 |
|
||||
| test.cs:180:49:180:68 | 12094027092655598256 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:180:49:180:68 | 12094027092655598256 | 12094027092655598256 |
|
||||
| test.cs:181:5:181:24 | 12343334044036541897 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:181:5:181:24 | 12343334044036541897 | 12343334044036541897 |
|
||||
| test.cs:181:27:181:46 | 12445177985737237804 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:181:27:181:46 | 12445177985737237804 | 12445177985737237804 |
|
||||
| test.cs:181:49:181:68 | 12445232961318634374 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:181:49:181:68 | 12445232961318634374 | 12445232961318634374 |
|
||||
| test.cs:182:5:182:24 | 12574535824074203265 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:182:5:182:24 | 12574535824074203265 | 12574535824074203265 |
|
||||
| test.cs:182:27:182:46 | 12679195163651834776 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:182:27:182:46 | 12679195163651834776 | 12679195163651834776 |
|
||||
| test.cs:182:49:182:68 | 12709986806548166638 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:182:49:182:68 | 12709986806548166638 | 12709986806548166638 |
|
||||
| test.cs:183:5:183:24 | 12718416789200275332 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:183:5:183:24 | 12718416789200275332 | 12718416789200275332 |
|
||||
| test.cs:183:27:183:46 | 12785322942775634499 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:183:27:183:46 | 12785322942775634499 | 12785322942775634499 |
|
||||
| test.cs:183:49:183:68 | 12790084614253405985 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:183:49:183:68 | 12790084614253405985 | 12790084614253405985 |
|
||||
| test.cs:184:5:184:24 | 12969190449276002545 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:184:5:184:24 | 12969190449276002545 | 12969190449276002545 |
|
||||
| test.cs:184:27:184:46 | 13014156621614176974 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:184:27:184:46 | 13014156621614176974 | 13014156621614176974 |
|
||||
| test.cs:184:49:184:68 | 13029357933491444455 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:184:49:184:68 | 13029357933491444455 | 13029357933491444455 |
|
||||
| test.cs:185:5:185:24 | 13135068273077306806 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:185:5:185:24 | 13135068273077306806 | 13135068273077306806 |
|
||||
| test.cs:185:27:185:46 | 13260224381505715848 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:185:27:185:46 | 13260224381505715848 | 13260224381505715848 |
|
||||
| test.cs:185:49:185:68 | 13316211011159594063 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:185:49:185:68 | 13316211011159594063 | 13316211011159594063 |
|
||||
| test.cs:186:5:186:24 | 13464308873961738403 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:186:5:186:24 | 13464308873961738403 | 13464308873961738403 |
|
||||
| test.cs:186:27:186:46 | 13544031715334011032 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:186:27:186:46 | 13544031715334011032 | 13544031715334011032 |
|
||||
| test.cs:186:49:186:68 | 13581776705111912829 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:186:49:186:68 | 13581776705111912829 | 13581776705111912829 |
|
||||
| test.cs:187:5:187:24 | 13599785766252827703 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:187:5:187:24 | 13599785766252827703 | 13599785766252827703 |
|
||||
| test.cs:187:27:187:46 | 13611051401579634621 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:187:27:187:46 | 13611051401579634621 | 13611051401579634621 |
|
||||
| test.cs:187:49:187:68 | 13611814135072561278 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:187:49:187:68 | 13611814135072561278 | 13611814135072561278 |
|
||||
| test.cs:188:5:188:24 | 13655261125244647696 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:188:5:188:24 | 13655261125244647696 | 13655261125244647696 |
|
||||
| test.cs:188:27:188:45 | 1367627386496056834 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:188:27:188:45 | 1367627386496056834 | 1367627386496056834 |
|
||||
| test.cs:188:48:188:66 | 1368907909245890092 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:188:48:188:66 | 1368907909245890092 | 1368907909245890092 |
|
||||
| test.cs:188:69:188:88 | 13693525876560827283 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:188:69:188:88 | 13693525876560827283 | 13693525876560827283 |
|
||||
| test.cs:189:5:189:24 | 13783346438774742614 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:189:5:189:24 | 13783346438774742614 | 13783346438774742614 |
|
||||
| test.cs:189:27:189:46 | 13799353263187722717 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:189:27:189:46 | 13799353263187722717 | 13799353263187722717 |
|
||||
| test.cs:189:49:189:68 | 13825071784440082496 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:189:49:189:68 | 13825071784440082496 | 13825071784440082496 |
|
||||
| test.cs:190:5:190:24 | 13852439084267373191 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:190:5:190:24 | 13852439084267373191 | 13852439084267373191 |
|
||||
| test.cs:190:27:190:46 | 13876356431472225791 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:190:27:190:46 | 13876356431472225791 | 13876356431472225791 |
|
||||
| test.cs:190:49:190:68 | 14055243717250701608 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:190:49:190:68 | 14055243717250701608 | 14055243717250701608 |
|
||||
| test.cs:191:5:191:24 | 14079676299181301772 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:191:5:191:24 | 14079676299181301772 | 14079676299181301772 |
|
||||
| test.cs:191:27:191:46 | 14095938998438966337 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:191:27:191:46 | 14095938998438966337 | 14095938998438966337 |
|
||||
| test.cs:191:49:191:68 | 14111374107076822891 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:191:49:191:68 | 14111374107076822891 | 14111374107076822891 |
|
||||
| test.cs:192:5:192:24 | 14193859431895170587 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:192:5:192:24 | 14193859431895170587 | 14193859431895170587 |
|
||||
| test.cs:192:27:192:46 | 14226582801651130532 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:192:27:192:46 | 14226582801651130532 | 14226582801651130532 |
|
||||
| test.cs:192:49:192:68 | 14243671177281069512 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:192:49:192:68 | 14243671177281069512 | 14243671177281069512 |
|
||||
| test.cs:193:5:193:24 | 14256853800858727521 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:193:5:193:24 | 14256853800858727521 | 14256853800858727521 |
|
||||
| test.cs:193:27:193:46 | 14480775929210717493 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:193:27:193:46 | 14480775929210717493 | 14480775929210717493 |
|
||||
| test.cs:193:49:193:68 | 14482658293117931546 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:193:49:193:68 | 14482658293117931546 | 14482658293117931546 |
|
||||
| test.cs:194:5:194:24 | 14513577387099045298 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:194:5:194:24 | 14513577387099045298 | 14513577387099045298 |
|
||||
| test.cs:194:27:194:46 | 14630721578341374856 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:194:27:194:46 | 14630721578341374856 | 14630721578341374856 |
|
||||
| test.cs:194:49:194:68 | 14695981039346656037 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:194:49:194:68 | 14695981039346656037 | 14695981039346656037 |
|
||||
| test.cs:195:5:195:24 | 14710585101020280896 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:195:5:195:24 | 14710585101020280896 | 14710585101020280896 |
|
||||
| test.cs:195:27:195:45 | 1475579823244607677 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:195:27:195:45 | 1475579823244607677 | 1475579823244607677 |
|
||||
| test.cs:195:48:195:67 | 14868920869169964081 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:195:48:195:67 | 14868920869169964081 | 14868920869169964081 |
|
||||
| test.cs:195:70:195:89 | 14968320160131875803 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:195:70:195:89 | 14968320160131875803 | 14968320160131875803 |
|
||||
| test.cs:196:5:196:24 | 14971809093655817917 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:196:5:196:24 | 14971809093655817917 | 14971809093655817917 |
|
||||
| test.cs:196:27:196:46 | 15039834196857999838 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:196:27:196:46 | 15039834196857999838 | 15039834196857999838 |
|
||||
| test.cs:196:49:196:68 | 15092207615430402812 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:196:49:196:68 | 15092207615430402812 | 15092207615430402812 |
|
||||
| test.cs:197:5:197:24 | 15114163911481793350 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:197:5:197:24 | 15114163911481793350 | 15114163911481793350 |
|
||||
| test.cs:197:27:197:46 | 15194901817027173566 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:197:27:197:46 | 15194901817027173566 | 15194901817027173566 |
|
||||
| test.cs:197:49:197:68 | 15267980678929160412 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:197:49:197:68 | 15267980678929160412 | 15267980678929160412 |
|
||||
| test.cs:198:5:198:24 | 15457732070353984570 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:198:5:198:24 | 15457732070353984570 | 15457732070353984570 |
|
||||
| test.cs:198:27:198:46 | 15514036435533858158 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:198:27:198:46 | 15514036435533858158 | 15514036435533858158 |
|
||||
| test.cs:198:49:198:68 | 15535773470978271326 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:198:49:198:68 | 15535773470978271326 | 15535773470978271326 |
|
||||
| test.cs:199:5:199:24 | 15587050164583443069 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:199:5:199:24 | 15587050164583443069 | 15587050164583443069 |
|
||||
| test.cs:199:27:199:44 | 155978580751494388 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:199:27:199:44 | 155978580751494388 | 155978580751494388 |
|
||||
| test.cs:199:47:199:66 | 15695338751700748390 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:199:47:199:66 | 15695338751700748390 | 15695338751700748390 |
|
||||
| test.cs:199:69:199:88 | 15997665423159927228 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:199:69:199:88 | 15997665423159927228 | 15997665423159927228 |
|
||||
| test.cs:200:5:200:24 | 16066522799090129502 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:200:5:200:24 | 16066522799090129502 | 16066522799090129502 |
|
||||
| test.cs:200:27:200:46 | 16066651430762394116 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:200:27:200:46 | 16066651430762394116 | 16066651430762394116 |
|
||||
| test.cs:200:49:200:68 | 16112751343173365533 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:200:49:200:68 | 16112751343173365533 | 16112751343173365533 |
|
||||
| test.cs:201:5:201:24 | 16130138450758310172 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:201:5:201:24 | 16130138450758310172 | 16130138450758310172 |
|
||||
| test.cs:201:27:201:45 | 1614465773938842903 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:201:27:201:45 | 1614465773938842903 | 1614465773938842903 |
|
||||
| test.cs:201:48:201:67 | 16292685861617888592 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:201:48:201:67 | 16292685861617888592 | 16292685861617888592 |
|
||||
| test.cs:201:70:201:89 | 16335643316870329598 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:201:70:201:89 | 16335643316870329598 | 16335643316870329598 |
|
||||
| test.cs:202:5:202:24 | 16423314183614230717 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:202:5:202:24 | 16423314183614230717 | 16423314183614230717 |
|
||||
| test.cs:202:27:202:46 | 16570804352575357627 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:202:27:202:46 | 16570804352575357627 | 16570804352575357627 |
|
||||
| test.cs:202:49:202:67 | 1682585410644922036 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:202:49:202:67 | 1682585410644922036 | 1682585410644922036 |
|
||||
| test.cs:202:70:202:89 | 16858955978146406642 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:202:70:202:89 | 16858955978146406642 | 16858955978146406642 |
|
||||
| test.cs:203:5:203:24 | 16990567851129491937 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:203:5:203:24 | 16990567851129491937 | 16990567851129491937 |
|
||||
| test.cs:203:27:203:46 | 17017923349298346219 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:203:27:203:46 | 17017923349298346219 | 17017923349298346219 |
|
||||
| test.cs:203:49:203:68 | 17097380490166623672 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:203:49:203:68 | 17097380490166623672 | 17097380490166623672 |
|
||||
| test.cs:204:5:204:24 | 17109238199226571972 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:204:5:204:24 | 17109238199226571972 | 17109238199226571972 |
|
||||
| test.cs:204:27:204:46 | 17204844226884380288 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:204:27:204:46 | 17204844226884380288 | 17204844226884380288 |
|
||||
| test.cs:204:49:204:68 | 17291806236368054941 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:204:49:204:68 | 17291806236368054941 | 17291806236368054941 |
|
||||
| test.cs:205:5:205:24 | 17351543633914244545 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:205:5:205:24 | 17351543633914244545 | 17351543633914244545 |
|
||||
| test.cs:205:27:205:46 | 17439059603042731363 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:205:27:205:46 | 17439059603042731363 | 17439059603042731363 |
|
||||
| test.cs:205:49:205:68 | 17574002783607647274 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:205:49:205:68 | 17574002783607647274 | 17574002783607647274 |
|
||||
| test.cs:206:5:206:24 | 17624147599670377042 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:206:5:206:24 | 17624147599670377042 | 17624147599670377042 |
|
||||
| test.cs:206:27:206:46 | 17633734304611248415 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:206:27:206:46 | 17633734304611248415 | 17633734304611248415 |
|
||||
| test.cs:206:49:206:68 | 17683972236092287897 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:206:49:206:68 | 17683972236092287897 | 17683972236092287897 |
|
||||
| test.cs:207:5:207:24 | 17849680105131524334 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:207:5:207:24 | 17849680105131524334 | 17849680105131524334 |
|
||||
| test.cs:207:27:207:46 | 17939405613729073960 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:207:27:207:46 | 17939405613729073960 | 17939405613729073960 |
|
||||
| test.cs:207:49:207:68 | 17956969551821596225 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:207:49:207:68 | 17956969551821596225 | 17956969551821596225 |
|
||||
| test.cs:208:5:208:24 | 17978774977754553159 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:208:5:208:24 | 17978774977754553159 | 17978774977754553159 |
|
||||
| test.cs:208:27:208:46 | 17984632978012874803 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:208:27:208:46 | 17984632978012874803 | 17984632978012874803 |
|
||||
| test.cs:208:49:208:68 | 17997967489723066537 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:208:49:208:68 | 17997967489723066537 | 17997967489723066537 |
|
||||
| test.cs:209:5:209:24 | 18147627057830191163 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:209:5:209:24 | 18147627057830191163 | 18147627057830191163 |
|
||||
| test.cs:209:27:209:46 | 18150909006539876521 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:209:27:209:46 | 18150909006539876521 | 18150909006539876521 |
|
||||
| test.cs:209:49:209:68 | 18159703063075866524 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:209:49:209:68 | 18159703063075866524 | 18159703063075866524 |
|
||||
| test.cs:210:5:210:24 | 18246404330670877335 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:210:5:210:24 | 18246404330670877335 | 18246404330670877335 |
|
||||
| test.cs:210:27:210:46 | 18294908219222222902 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:210:27:210:46 | 18294908219222222902 | 18294908219222222902 |
|
||||
| test.cs:210:49:210:68 | 18392881921099771407 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:210:49:210:68 | 18392881921099771407 | 18392881921099771407 |
|
||||
| test.cs:211:5:211:24 | 18446744073709551613 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:211:5:211:24 | 18446744073709551613 | 18446744073709551613 |
|
||||
| test.cs:211:27:211:44 | 191060519014405309 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:211:27:211:44 | 191060519014405309 | 191060519014405309 |
|
||||
| test.cs:211:47:211:65 | 2032008861530788751 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:211:47:211:65 | 2032008861530788751 | 2032008861530788751 |
|
||||
| test.cs:211:68:211:86 | 2128122064571842954 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:211:68:211:86 | 2128122064571842954 | 2128122064571842954 |
|
||||
| test.cs:212:5:212:14 | 2147483647 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:212:5:212:14 | 2147483647 | 2147483647 |
|
||||
| test.cs:212:17:212:26 | 2147745794 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:212:17:212:26 | 2147745794 | 2147745794 |
|
||||
| test.cs:212:29:212:47 | 2380224015317016190 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:212:29:212:47 | 2380224015317016190 | 2380224015317016190 |
|
||||
| test.cs:212:50:212:68 | 2478231962306073784 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:212:50:212:68 | 2478231962306073784 | 2478231962306073784 |
|
||||
| test.cs:213:5:213:23 | 2532538262737333146 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:213:5:213:23 | 2532538262737333146 | 2532538262737333146 |
|
||||
| test.cs:213:26:213:44 | 2589926981877829912 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:213:26:213:44 | 2589926981877829912 | 2589926981877829912 |
|
||||
| test.cs:213:47:213:65 | 2597124982561782591 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:213:47:213:65 | 2597124982561782591 | 2597124982561782591 |
|
||||
| test.cs:213:68:213:86 | 2600364143812063535 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:213:68:213:86 | 2600364143812063535 | 2600364143812063535 |
|
||||
| test.cs:214:5:214:23 | 2717025511528702475 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:214:5:214:23 | 2717025511528702475 | 2717025511528702475 |
|
||||
| test.cs:214:26:214:44 | 2734787258623754862 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:214:26:214:44 | 2734787258623754862 | 2734787258623754862 |
|
||||
| test.cs:214:47:214:63 | 27407921587843457 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:214:47:214:63 | 27407921587843457 | 27407921587843457 |
|
||||
| test.cs:214:66:214:84 | 2760663353550280147 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:214:66:214:84 | 2760663353550280147 | 2760663353550280147 |
|
||||
| test.cs:215:5:215:23 | 2797129108883749491 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:215:5:215:23 | 2797129108883749491 | 2797129108883749491 |
|
||||
| test.cs:215:26:215:44 | 2810460305047003196 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:215:26:215:44 | 2810460305047003196 | 2810460305047003196 |
|
||||
| test.cs:215:47:215:64 | 292198192373389586 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:215:47:215:64 | 292198192373389586 | 292198192373389586 |
|
||||
| test.cs:215:67:215:85 | 2934149816356927366 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:215:67:215:85 | 2934149816356927366 | 2934149816356927366 |
|
||||
| test.cs:216:5:216:23 | 3045986759481489935 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:216:5:216:23 | 3045986759481489935 | 3045986759481489935 |
|
||||
| test.cs:216:26:216:44 | 3178468437029279937 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:216:26:216:44 | 3178468437029279937 | 3178468437029279937 |
|
||||
| test.cs:216:47:216:65 | 3200333496547938354 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:216:47:216:65 | 3200333496547938354 | 3200333496547938354 |
|
||||
| test.cs:216:68:216:86 | 3320026265773918739 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:216:68:216:86 | 3320026265773918739 | 3320026265773918739 |
|
||||
| test.cs:217:5:217:23 | 3320767229281015341 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:217:5:217:23 | 3320767229281015341 | 3320767229281015341 |
|
||||
| test.cs:217:26:217:44 | 3341747963119755850 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:217:26:217:44 | 3341747963119755850 | 3341747963119755850 |
|
||||
| test.cs:217:47:217:65 | 3407972863931386250 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:217:47:217:65 | 3407972863931386250 | 3407972863931386250 |
|
||||
| test.cs:217:68:217:86 | 3413052607651207697 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:217:68:217:86 | 3413052607651207697 | 3413052607651207697 |
|
||||
| test.cs:218:5:218:23 | 3413886037471417852 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:218:5:218:23 | 3413886037471417852 | 3413886037471417852 |
|
||||
| test.cs:218:26:218:44 | 3421197789791424393 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:218:26:218:44 | 3421197789791424393 | 3421197789791424393 |
|
||||
| test.cs:218:47:218:65 | 3421213182954201407 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:218:47:218:65 | 3421213182954201407 | 3421213182954201407 |
|
||||
| test.cs:218:68:218:86 | 3425260965299690882 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:218:68:218:86 | 3425260965299690882 | 3425260965299690882 |
|
||||
| test.cs:219:5:219:23 | 3538022140597504361 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:219:5:219:23 | 3538022140597504361 | 3538022140597504361 |
|
||||
| test.cs:219:26:219:44 | 3575761800716667678 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:219:26:219:44 | 3575761800716667678 | 3575761800716667678 |
|
||||
| test.cs:219:47:219:65 | 3588624367609827560 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:219:47:219:65 | 3588624367609827560 | 3588624367609827560 |
|
||||
| test.cs:219:68:219:86 | 3626142665768487764 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:219:68:219:86 | 3626142665768487764 | 3626142665768487764 |
|
||||
| test.cs:220:5:220:23 | 3642525650883269872 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:220:5:220:23 | 3642525650883269872 | 3642525650883269872 |
|
||||
| test.cs:220:26:220:44 | 3656637464651387014 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:220:26:220:44 | 3656637464651387014 | 3656637464651387014 |
|
||||
| test.cs:220:47:220:65 | 3660705254426876796 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:220:47:220:65 | 3660705254426876796 | 3660705254426876796 |
|
||||
| test.cs:220:68:220:86 | 3769837838875367802 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:220:68:220:86 | 3769837838875367802 | 3769837838875367802 |
|
||||
| test.cs:221:5:221:23 | 3778500091710709090 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:221:5:221:23 | 3778500091710709090 | 3778500091710709090 |
|
||||
| test.cs:221:26:221:44 | 3796405623695665524 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:221:26:221:44 | 3796405623695665524 | 3796405623695665524 |
|
||||
| test.cs:221:47:221:65 | 3869935012404164040 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:221:47:221:65 | 3869935012404164040 | 3869935012404164040 |
|
||||
| test.cs:221:68:221:86 | 3890769468012566366 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:221:68:221:86 | 3890769468012566366 | 3890769468012566366 |
|
||||
| test.cs:222:5:222:23 | 3890794756780010537 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:222:5:222:23 | 3890794756780010537 | 3890794756780010537 |
|
||||
| test.cs:222:26:222:43 | 397780960855462669 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:222:26:222:43 | 397780960855462669 | 397780960855462669 |
|
||||
| test.cs:222:46:222:64 | 4030236413975199654 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:222:46:222:64 | 4030236413975199654 | 4030236413975199654 |
|
||||
| test.cs:222:67:222:85 | 4088976323439621041 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:222:67:222:85 | 4088976323439621041 | 4088976323439621041 |
|
||||
| test.cs:223:5:223:23 | 4454255944391929578 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:223:5:223:23 | 4454255944391929578 | 4454255944391929578 |
|
||||
| test.cs:223:26:223:44 | 4501656691368064027 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:223:26:223:44 | 4501656691368064027 | 4501656691368064027 |
|
||||
| test.cs:223:47:223:65 | 4578480846255629462 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:223:47:223:65 | 4578480846255629462 | 4578480846255629462 |
|
||||
| test.cs:223:68:223:86 | 4821863173800309721 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:223:68:223:86 | 4821863173800309721 | 4821863173800309721 |
|
||||
| test.cs:224:5:224:23 | 4931721628717906635 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:224:5:224:23 | 4931721628717906635 | 4931721628717906635 |
|
||||
| test.cs:224:26:224:43 | 506634811745884560 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:224:26:224:43 | 506634811745884560 | 506634811745884560 |
|
||||
| test.cs:224:46:224:64 | 5132256620104998637 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:224:46:224:64 | 5132256620104998637 | 5132256620104998637 |
|
||||
| test.cs:224:67:224:85 | 5183687599225757871 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:224:67:224:85 | 5183687599225757871 | 5183687599225757871 |
|
||||
| test.cs:225:5:225:22 | 521157249538507889 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:225:5:225:22 | 521157249538507889 | 521157249538507889 |
|
||||
| test.cs:225:25:225:43 | 5219431737322569038 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:225:25:225:43 | 5219431737322569038 | 5219431737322569038 |
|
||||
| test.cs:225:46:225:63 | 541172992193764396 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:225:46:225:63 | 541172992193764396 | 541172992193764396 |
|
||||
| test.cs:225:66:225:84 | 5415426428750045503 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:225:66:225:84 | 5415426428750045503 | 5415426428750045503 |
|
||||
| test.cs:226:5:226:23 | 5449730069165757263 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:226:5:226:23 | 5449730069165757263 | 5449730069165757263 |
|
||||
| test.cs:226:26:226:44 | 5587557070429522647 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:226:26:226:44 | 5587557070429522647 | 5587557070429522647 |
|
||||
| test.cs:226:47:226:65 | 5614586596107908838 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:226:47:226:65 | 5614586596107908838 | 5614586596107908838 |
|
||||
| test.cs:226:68:226:85 | 576626207276463000 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:226:68:226:85 | 576626207276463000 | 576626207276463000 |
|
||||
| test.cs:227:5:227:23 | 5942282052525294911 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:227:5:227:23 | 5942282052525294911 | 5942282052525294911 |
|
||||
| test.cs:227:26:227:44 | 5945487981219695001 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:227:26:227:44 | 5945487981219695001 | 5945487981219695001 |
|
||||
| test.cs:227:47:227:65 | 5984963105389676759 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:227:47:227:65 | 5984963105389676759 | 5984963105389676759 |
|
||||
| test.cs:227:68:227:85 | 607197993339007484 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:227:68:227:85 | 607197993339007484 | 607197993339007484 |
|
||||
| test.cs:228:5:228:23 | 6088115528707848728 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:228:5:228:23 | 6088115528707848728 | 6088115528707848728 |
|
||||
| test.cs:228:26:228:44 | 6116246686670134098 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:228:26:228:44 | 6116246686670134098 | 6116246686670134098 |
|
||||
| test.cs:228:47:228:65 | 6180361713414290679 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:228:47:228:65 | 6180361713414290679 | 6180361713414290679 |
|
||||
| test.cs:228:68:228:86 | 6195833633417633900 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:228:68:228:86 | 6195833633417633900 | 6195833633417633900 |
|
||||
| test.cs:229:5:229:23 | 6274014997237900919 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:229:5:229:23 | 6274014997237900919 | 6274014997237900919 |
|
||||
| test.cs:229:26:229:43 | 640589622539783622 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:229:26:229:43 | 640589622539783622 | 640589622539783622 |
|
||||
| test.cs:229:46:229:64 | 6461429591783621719 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:229:46:229:64 | 6461429591783621719 | 6461429591783621719 |
|
||||
| test.cs:229:67:229:85 | 6491986958834001955 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:229:67:229:85 | 6491986958834001955 | 6491986958834001955 |
|
||||
| test.cs:230:5:230:23 | 6508141243778577344 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:230:5:230:23 | 6508141243778577344 | 6508141243778577344 |
|
||||
| test.cs:230:26:230:44 | 6605813339339102567 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:230:26:230:44 | 6605813339339102567 | 6605813339339102567 |
|
||||
| test.cs:230:47:230:64 | 682250828679635420 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:230:47:230:64 | 682250828679635420 | 682250828679635420 |
|
||||
| test.cs:230:67:230:85 | 6827032273910657891 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:230:67:230:85 | 6827032273910657891 | 6827032273910657891 |
|
||||
| test.cs:231:5:231:23 | 6943102301517884811 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:231:5:231:23 | 6943102301517884811 | 6943102301517884811 |
|
||||
| test.cs:231:26:231:43 | 700598796416086955 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:231:26:231:43 | 700598796416086955 | 700598796416086955 |
|
||||
| test.cs:231:46:231:64 | 7080175711202577138 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:231:46:231:64 | 7080175711202577138 | 7080175711202577138 |
|
||||
| test.cs:231:67:231:85 | 7175363135479931834 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:231:67:231:85 | 7175363135479931834 | 7175363135479931834 |
|
||||
| test.cs:232:5:232:23 | 7315838824213522000 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:232:5:232:23 | 7315838824213522000 | 7315838824213522000 |
|
||||
| test.cs:232:26:232:44 | 7412338704062093516 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:232:26:232:44 | 7412338704062093516 | 7412338704062093516 |
|
||||
| test.cs:232:47:232:65 | 7516148236133302073 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:232:47:232:65 | 7516148236133302073 | 7516148236133302073 |
|
||||
| test.cs:232:68:232:86 | 7574774749059321801 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:232:68:232:86 | 7574774749059321801 | 7574774749059321801 |
|
||||
| test.cs:233:5:233:23 | 7701683279824397773 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:233:5:233:23 | 7701683279824397773 | 7701683279824397773 |
|
||||
| test.cs:233:26:233:44 | 7775177810774851294 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:233:26:233:44 | 7775177810774851294 | 7775177810774851294 |
|
||||
| test.cs:233:47:233:65 | 7810436520414958497 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:233:47:233:65 | 7810436520414958497 | 7810436520414958497 |
|
||||
| test.cs:233:68:233:86 | 7878537243757499832 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:233:68:233:86 | 7878537243757499832 | 7878537243757499832 |
|
||||
| test.cs:234:5:234:21 | 79089792725215063 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:234:5:234:21 | 79089792725215063 | 79089792725215063 |
|
||||
| test.cs:234:24:234:42 | 7982848972385914508 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:234:24:234:42 | 7982848972385914508 | 7982848972385914508 |
|
||||
| test.cs:234:45:234:63 | 8052533790968282297 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:234:45:234:63 | 8052533790968282297 | 8052533790968282297 |
|
||||
| test.cs:234:66:234:84 | 8129411991672431889 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:234:66:234:84 | 8129411991672431889 | 8129411991672431889 |
|
||||
| test.cs:235:5:235:23 | 8146185202538899243 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:235:5:235:23 | 8146185202538899243 | 8146185202538899243 |
|
||||
| test.cs:235:26:235:43 | 835151375515278827 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:235:26:235:43 | 835151375515278827 | 835151375515278827 |
|
||||
| test.cs:235:46:235:64 | 8381292265993977266 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:235:46:235:64 | 8381292265993977266 | 8381292265993977266 |
|
||||
| test.cs:235:67:235:85 | 8408095252303317471 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:235:67:235:85 | 8408095252303317471 | 8408095252303317471 |
|
||||
| test.cs:236:5:236:23 | 8473756179280619170 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:236:5:236:23 | 8473756179280619170 | 8473756179280619170 |
|
||||
| test.cs:236:26:236:44 | 8478833628889826985 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:236:26:236:44 | 8478833628889826985 | 8478833628889826985 |
|
||||
| test.cs:236:47:236:65 | 8612208440357175863 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:236:47:236:65 | 8612208440357175863 | 8612208440357175863 |
|
||||
| test.cs:236:68:236:86 | 8697424601205169055 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:236:68:236:86 | 8697424601205169055 | 8697424601205169055 |
|
||||
| test.cs:237:5:237:23 | 8698326794961817906 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:237:5:237:23 | 8698326794961817906 | 8698326794961817906 |
|
||||
| test.cs:237:26:237:44 | 8709004393777297355 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:237:26:237:44 | 8709004393777297355 | 8709004393777297355 |
|
||||
| test.cs:237:47:237:65 | 8727477769544302060 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:237:47:237:65 | 8727477769544302060 | 8727477769544302060 |
|
||||
| test.cs:237:68:237:86 | 8760312338504300643 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:237:68:237:86 | 8760312338504300643 | 8760312338504300643 |
|
||||
| test.cs:238:5:238:23 | 8799118153397725683 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:238:5:238:23 | 8799118153397725683 | 8799118153397725683 |
|
||||
| test.cs:238:26:238:44 | 8873858923435176895 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:238:26:238:44 | 8873858923435176895 | 8873858923435176895 |
|
||||
| test.cs:238:47:238:65 | 8994091295115840290 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:238:47:238:65 | 8994091295115840290 | 8994091295115840290 |
|
||||
| test.cs:238:68:238:86 | 9007106680104765185 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:238:68:238:86 | 9007106680104765185 | 9007106680104765185 |
|
||||
| test.cs:239:5:239:23 | 9061219083560670602 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:239:5:239:23 | 9061219083560670602 | 9061219083560670602 |
|
||||
| test.cs:239:26:239:44 | 9149947745824492274 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:239:26:239:44 | 9149947745824492274 | 9149947745824492274 |
|
||||
| test.cs:239:47:239:64 | 917638920165491138 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:239:47:239:64 | 917638920165491138 | 917638920165491138 |
|
||||
| test.cs:239:67:239:85 | 9234894663364701749 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:239:67:239:85 | 9234894663364701749 | 9234894663364701749 |
|
||||
| test.cs:240:5:240:23 | 9333057603143916814 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:240:5:240:23 | 9333057603143916814 | 9333057603143916814 |
|
||||
| test.cs:240:26:240:44 | 9384605490088500348 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:240:26:240:44 | 9384605490088500348 | 9384605490088500348 |
|
||||
| test.cs:240:47:240:65 | 9531326785919727076 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:240:47:240:65 | 9531326785919727076 | 9531326785919727076 |
|
||||
| test.cs:240:68:240:86 | 9555688264681862794 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:240:68:240:86 | 9555688264681862794 | 9555688264681862794 |
|
||||
| test.cs:241:5:241:23 | 9559632696372799208 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:241:5:241:23 | 9559632696372799208 | 9559632696372799208 |
|
||||
| test.cs:241:26:241:44 | 9903758755917170407 | The Hash literal $@ may be related to the Solorigate campaign. Total count = 243 is above the threshold 5. | test.cs:241:26:241:44 | 9903758755917170407 | 9903758755917170407 |
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security Features/campaign/Solorigate/NumberOfKnownHashesAboveThreshold.ql
|
||||
@@ -0,0 +1,140 @@
|
||||
| test.cs:247:4:247:35 | "(?i)([^a-z]\|^)(test)([^a-z]\|$)" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:247:4:247:35 | "(?i)([^a-z]\|^)(test)([^a-z]\|$)" | (?i)([^a-z]\|^)(test)([^a-z]\|$) |
|
||||
| test.cs:247:38:247:55 | "(?i)(solarwinds)" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:247:38:247:55 | "(?i)(solarwinds)" | (?i)(solarwinds) |
|
||||
| test.cs:247:58:247:96 | "[{0,5}] {1,-16} {2}\t{3,5} {4}\\{5}\n" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:247:58:247:96 | "[{0,5}] {1,-16} {2}\t{3,5} {4}\\{5}\n" | [{0,5}] {1,-16} {2}\t{3,5} {4}\\{5}\n |
|
||||
| test.cs:248:4:248:18 | "[{0,5}] {1}\n" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:248:4:248:18 | "[{0,5}] {1}\n" | [{0,5}] {1}\n |
|
||||
| test.cs:248:21:248:37 | "[E] {0} {1} {2}" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:248:21:248:37 | "[E] {0} {1} {2}" | [E] {0} {1} {2} |
|
||||
| test.cs:249:4:249:62 | "\\"\\{[0-9a-f-]{36}\\}\\"\|\\"[0-9a-f]{32}\\"\|\\"[0-9a-f]{16}\\"" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:249:4:249:62 | "\\"\\{[0-9a-f-]{36}\\}\\"\|\\"[0-9a-f]{32}\\"\|\\"[0-9a-f]{16}\\"" | "\\{[0-9a-f-]{36}\\}"\|"[0-9a-f]{32}"\|"[0-9a-f]{16}" |
|
||||
| test.cs:249:65:249:79 | ".CortexPlugin" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:249:65:249:79 | ".CortexPlugin" | .CortexPlugin |
|
||||
| test.cs:249:82:249:89 | ".Orion" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:249:82:249:89 | ".Orion" | .Orion |
|
||||
| test.cs:250:4:250:36 | "\\"EventName\\":\\"EventManager\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:250:4:250:36 | "\\"EventName\\":\\"EventManager\\"," | "EventName":"EventManager", |
|
||||
| test.cs:250:39:250:64 | "\\"EventType\\":\\"Orion\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:250:39:250:64 | "\\"EventType\\":\\"Orion\\"," | "EventType":"Orion", |
|
||||
| test.cs:251:4:251:56 | "\\OrionImprovement\\SolarWinds.OrionImprovement.exe" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:251:4:251:56 | "\\OrionImprovement\\SolarWinds.OrionImprovement.exe" | \\OrionImprovement\\SolarWinds.OrionImprovement.exe |
|
||||
| test.cs:252:4:252:44 | "0123456789abcdefghijklmnopqrstuvwxyz-_." | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:252:4:252:44 | "0123456789abcdefghijklmnopqrstuvwxyz-_." | 0123456789abcdefghijklmnopqrstuvwxyz-_. |
|
||||
| test.cs:252:47:252:70 | "\\"sessionId\\":\\"{0}\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:252:47:252:70 | "\\"sessionId\\":\\"{0}\\"," | "sessionId":"{0}", |
|
||||
| test.cs:252:73:252:85 | "\\"steps\\":[" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:252:73:252:85 | "\\"steps\\":[" | "steps":[ |
|
||||
| test.cs:253:4:253:24 | "\\"Succeeded\\":true," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:253:4:253:24 | "\\"Succeeded\\":true," | "Succeeded":true, |
|
||||
| test.cs:253:27:253:62 | "\\"Timestamp\\":\\"\\/Date({0})\\/\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:253:27:253:62 | "\\"Timestamp\\":\\"\\/Date({0})\\/\\"," | "Timestamp":"\\/Date({0})\\/", |
|
||||
| test.cs:253:65:253:85 | "\\"userId\\":\\"{0}\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:253:65:253:85 | "\\"userId\\":\\"{0}\\"," | "userId":"{0}", |
|
||||
| test.cs:254:4:254:23 | "{0} {1} HTTP/{2}\n" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:4:254:23 | "{0} {1} HTTP/{2}\n" | {0} {1} HTTP/{2}\n |
|
||||
| test.cs:254:26:254:32 | "10140" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:26:254:32 | "10140" | 10140 |
|
||||
| test.cs:254:35:254:48 | "144.86.226.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:35:254:48 | "144.86.226.0" | 144.86.226.0 |
|
||||
| test.cs:254:51:254:65 | "154.118.140.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:51:254:65 | "154.118.140.0" | 154.118.140.0 |
|
||||
| test.cs:254:68:254:79 | "172.16.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:68:254:79 | "172.16.0.0" | 172.16.0.0 |
|
||||
| test.cs:254:82:254:93 | "18.130.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:82:254:93 | "18.130.0.0" | 18.130.0.0 |
|
||||
| test.cs:255:4:255:15 | "184.72.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:4:255:15 | "184.72.0.0" | 184.72.0.0 |
|
||||
| test.cs:255:18:255:30 | "192.168.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:18:255:30 | "192.168.0.0" | 192.168.0.0 |
|
||||
| test.cs:255:33:255:47 | "199.201.117.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:33:255:47 | "199.201.117.0" | 199.201.117.0 |
|
||||
| test.cs:255:50:255:61 | "20.140.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:50:255:61 | "20.140.0.0" | 20.140.0.0 |
|
||||
| test.cs:255:64:255:70 | "20100" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:64:255:70 | "20100" | 20100 |
|
||||
| test.cs:255:73:255:79 | "20220" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:73:255:79 | "20220" | 20220 |
|
||||
| test.cs:255:82:255:94 | "217.163.7.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:82:255:94 | "217.163.7.0" | 217.163.7.0 |
|
||||
| test.cs:256:4:256:14 | "224.0.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:4:256:14 | "224.0.0.0" | 224.0.0.0 |
|
||||
| test.cs:256:17:256:27 | "240.0.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:17:256:27 | "240.0.0.0" | 240.0.0.0 |
|
||||
| test.cs:256:30:256:42 | "255.240.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:30:256:42 | "255.240.0.0" | 255.240.0.0 |
|
||||
| test.cs:256:45:256:57 | "255.254.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:45:256:57 | "255.254.0.0" | 255.254.0.0 |
|
||||
| test.cs:256:60:256:74 | "255.255.248.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:60:256:74 | "255.255.248.0" | 255.255.248.0 |
|
||||
| test.cs:256:77:256:87 | "3.0.0.382" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:77:256:87 | "3.0.0.382" | 3.0.0.382 |
|
||||
| test.cs:257:4:257:16 | "41.84.159.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:4:257:16 | "41.84.159.0" | 41.84.159.0 |
|
||||
| test.cs:257:19:257:25 | "43140" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:19:257:25 | "43140" | 43140 |
|
||||
| test.cs:257:28:257:33 | "4320" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:28:257:33 | "4320" | 4320 |
|
||||
| test.cs:257:36:257:42 | "43260" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:36:257:42 | "43260" | 43260 |
|
||||
| test.cs:257:45:257:52 | "524287" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:45:257:52 | "524287" | 524287 |
|
||||
| test.cs:257:55:257:92 | "583da945-62af-10e8-4902-a8f205c72b2e" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:55:257:92 | "583da945-62af-10e8-4902-a8f205c72b2e" | 583da945-62af-10e8-4902-a8f205c72b2e |
|
||||
| test.cs:258:4:258:10 | "65280" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:4:258:10 | "65280" | 65280 |
|
||||
| test.cs:258:13:258:25 | "71.152.53.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:13:258:25 | "71.152.53.0" | 71.152.53.0 |
|
||||
| test.cs:258:28:258:40 | "74.114.24.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:28:258:40 | "74.114.24.0" | 74.114.24.0 |
|
||||
| test.cs:258:43:258:54 | "8.18.144.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:43:258:54 | "8.18.144.0" | 8.18.144.0 |
|
||||
| test.cs:258:57:258:69 | "87.238.80.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:57:258:69 | "87.238.80.0" | 87.238.80.0 |
|
||||
| test.cs:258:72:258:84 | "96.31.172.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:72:258:84 | "96.31.172.0" | 96.31.172.0 |
|
||||
| test.cs:258:87:258:94 | "983040" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:87:258:94 | "983040" | 983040 |
|
||||
| test.cs:259:4:259:14 | "99.79.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:4:259:14 | "99.79.0.0" | 99.79.0.0 |
|
||||
| test.cs:259:17:259:31 | "Administrator" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:17:259:31 | "Administrator" | Administrator |
|
||||
| test.cs:259:34:259:47 | "advapi32.dll" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:34:259:47 | "advapi32.dll" | advapi32.dll |
|
||||
| test.cs:259:50:259:57 | "Apollo" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:50:259:57 | "Apollo" | Apollo |
|
||||
| test.cs:259:60:259:72 | "appsync-api" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:60:259:72 | "appsync-api" | appsync-api |
|
||||
| test.cs:259:75:259:90 | "avsvmcloud.com" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:75:259:90 | "avsvmcloud.com" | avsvmcloud.com |
|
||||
| test.cs:260:4:260:23 | "api.solarwinds.com" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:4:260:23 | "api.solarwinds.com" | api.solarwinds.com |
|
||||
| test.cs:260:26:260:32 | "-root" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:26:260:32 | "-root" | -root |
|
||||
| test.cs:260:35:260:41 | "-cert" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:35:260:41 | "-cert" | -cert |
|
||||
| test.cs:260:44:260:58 | "-universal_ca" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:44:260:58 | "-universal_ca" | -universal_ca |
|
||||
| test.cs:260:61:260:65 | "-ca" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:61:260:65 | "-ca" | -ca |
|
||||
| test.cs:260:68:260:80 | "-primary_ca" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:68:260:80 | "-primary_ca" | -primary_ca |
|
||||
| test.cs:260:83:260:94 | "-timestamp" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:83:260:94 | "-timestamp" | -timestamp |
|
||||
| test.cs:261:4:261:12 | "-global" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:4:261:12 | "-global" | -global |
|
||||
| test.cs:261:15:261:25 | "-secureca" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:15:261:25 | "-secureca" | -secureca |
|
||||
| test.cs:261:28:261:44 | "CloudMonitoring" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:28:261:44 | "CloudMonitoring" | CloudMonitoring |
|
||||
| test.cs:261:47:261:58 | "MACAddress" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:47:261:58 | "MACAddress" | MACAddress |
|
||||
| test.cs:261:61:261:73 | "DHCPEnabled" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:61:261:73 | "DHCPEnabled" | DHCPEnabled |
|
||||
| test.cs:261:76:261:87 | "DHCPServer" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:76:261:87 | "DHCPServer" | DHCPServer |
|
||||
| test.cs:262:4:262:16 | "DNSHostName" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:4:262:16 | "DNSHostName" | DNSHostName |
|
||||
| test.cs:262:19:262:46 | "DNSDomainSuffixSearchOrder" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:19:262:46 | "DNSDomainSuffixSearchOrder" | DNSDomainSuffixSearchOrder |
|
||||
| test.cs:262:49:262:70 | "DNSServerSearchOrder" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:49:262:70 | "DNSServerSearchOrder" | DNSServerSearchOrder |
|
||||
| test.cs:262:73:262:83 | "IPAddress" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:73:262:83 | "IPAddress" | IPAddress |
|
||||
| test.cs:262:86:262:95 | "IPSubnet" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:86:262:95 | "IPSubnet" | IPSubnet |
|
||||
| test.cs:263:4:263:21 | "DefaultIPGateway" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:4:263:21 | "DefaultIPGateway" | DefaultIPGateway |
|
||||
| test.cs:263:24:263:39 | "OSArchitecture" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:24:263:39 | "OSArchitecture" | OSArchitecture |
|
||||
| test.cs:263:42:263:54 | "InstallDate" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:42:263:54 | "InstallDate" | InstallDate |
|
||||
| test.cs:263:57:263:70 | "Organization" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:57:263:70 | "Organization" | Organization |
|
||||
| test.cs:263:73:263:88 | "RegisteredUser" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:73:263:88 | "RegisteredUser" | RegisteredUser |
|
||||
| test.cs:264:4:264:11 | "fc00::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:4:264:11 | "fc00::" | fc00:: |
|
||||
| test.cs:264:14:264:21 | "fe00::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:14:264:21 | "fe00::" | fe00:: |
|
||||
| test.cs:264:24:264:31 | "fec0::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:24:264:31 | "fec0::" | fec0:: |
|
||||
| test.cs:264:34:264:41 | "ffc0::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:34:264:41 | "ffc0::" | ffc0:: |
|
||||
| test.cs:264:44:264:51 | "ff00::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:44:264:51 | "ff00::" | ff00:: |
|
||||
| test.cs:264:54:264:59 | "HKCC" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:54:264:59 | "HKCC" | HKCC |
|
||||
| test.cs:264:62:264:67 | "HKCR" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:62:264:67 | "HKCR" | HKCR |
|
||||
| test.cs:264:70:264:75 | "HKCU" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:70:264:75 | "HKCU" | HKCU |
|
||||
| test.cs:264:78:264:83 | "HKDD" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:78:264:83 | "HKDD" | HKDD |
|
||||
| test.cs:265:4:265:22 | "HKEY_CLASSES_ROOT" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:265:4:265:22 | "HKEY_CLASSES_ROOT" | HKEY_CLASSES_ROOT |
|
||||
| test.cs:265:25:265:45 | "HKEY_CURRENT_CONFIG" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:265:25:265:45 | "HKEY_CURRENT_CONFIG" | HKEY_CURRENT_CONFIG |
|
||||
| test.cs:265:48:265:66 | "HKEY_CURRENT_USER" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:265:48:265:66 | "HKEY_CURRENT_USER" | HKEY_CURRENT_USER |
|
||||
| test.cs:265:69:265:83 | "HKEY_DYN_DATA" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:265:69:265:83 | "HKEY_DYN_DATA" | HKEY_DYN_DATA |
|
||||
| test.cs:266:4:266:23 | "HKEY_LOCAL_MACHINE" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:266:4:266:23 | "HKEY_LOCAL_MACHINE" | HKEY_LOCAL_MACHINE |
|
||||
| test.cs:266:26:266:80 | "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:266:26:266:80 | "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography" | HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography |
|
||||
| test.cs:267:4:267:25 | "HKEY_PERFOMANCE_DATA" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:4:267:25 | "HKEY_PERFOMANCE_DATA" | HKEY_PERFOMANCE_DATA |
|
||||
| test.cs:267:28:267:39 | "HKEY_USERS" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:28:267:39 | "HKEY_USERS" | HKEY_USERS |
|
||||
| test.cs:267:42:267:47 | "HKLM" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:42:267:47 | "HKLM" | HKLM |
|
||||
| test.cs:267:50:267:55 | "HKPD" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:50:267:55 | "HKPD" | HKPD |
|
||||
| test.cs:267:58:267:62 | "HKU" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:58:267:62 | "HKU" | HKU |
|
||||
| test.cs:267:65:267:79 | "If-None-Match" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:65:267:79 | "If-None-Match" | If-None-Match |
|
||||
| test.cs:268:4:268:25 | "Microsoft-CryptoAPI/" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:4:268:25 | "Microsoft-CryptoAPI/" | Microsoft-CryptoAPI/ |
|
||||
| test.cs:268:28:268:34 | "Nodes" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:28:268:34 | "Nodes" | Nodes |
|
||||
| test.cs:268:37:268:45 | "Volumes" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:37:268:45 | "Volumes" | Volumes |
|
||||
| test.cs:268:48:268:59 | "Interfaces" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:48:268:59 | "Interfaces" | Interfaces |
|
||||
| test.cs:268:62:268:73 | "Components" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:62:268:73 | "Components" | Components |
|
||||
| test.cs:268:76:268:85 | "opensans" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:76:268:85 | "opensans" | opensans |
|
||||
| test.cs:269:4:269:17 | "Organization" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:4:269:17 | "Organization" | Organization |
|
||||
| test.cs:269:20:269:35 | "OSArchitecture" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:20:269:35 | "OSArchitecture" | OSArchitecture |
|
||||
| test.cs:269:38:269:54 | "ParentProcessID" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:38:269:54 | "ParentProcessID" | ParentProcessID |
|
||||
| test.cs:269:57:269:66 | "PathName" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:57:269:66 | "PathName" | PathName |
|
||||
| test.cs:269:69:269:91 | "ReportWatcherPostpone" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:69:269:91 | "ReportWatcherPostpone" | ReportWatcherPostpone |
|
||||
| test.cs:270:4:270:23 | "ReportWatcherRetry" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:270:4:270:23 | "ReportWatcherRetry" | ReportWatcherRetry |
|
||||
| test.cs:270:26:270:33 | "S-1-5-" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:270:26:270:33 | "S-1-5-" | S-1-5- |
|
||||
| test.cs:270:36:270:55 | "SeRestorePrivilege" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:270:36:270:55 | "SeRestorePrivilege" | SeRestorePrivilege |
|
||||
| test.cs:270:58:270:78 | "SeShutdownPrivilege" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:270:58:270:78 | "SeShutdownPrivilege" | SeShutdownPrivilege |
|
||||
| test.cs:271:4:271:29 | "SeTakeOwnershipPrivilege" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:271:4:271:29 | "SeTakeOwnershipPrivilege" | SeTakeOwnershipPrivilege |
|
||||
| test.cs:271:32:271:43 | "SolarWinds" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:271:32:271:43 | "SolarWinds" | SolarWinds |
|
||||
| test.cs:271:46:271:80 | "SolarWindsOrionImprovementClient/" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:271:46:271:80 | "SolarWindsOrionImprovementClient/" | SolarWindsOrionImprovementClient/ |
|
||||
| test.cs:272:4:272:18 | "SourceCodePro" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:4:272:18 | "SourceCodePro" | SourceCodePro |
|
||||
| test.cs:272:21:272:35 | "SourceHanSans" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:21:272:35 | "SourceHanSans" | SourceHanSans |
|
||||
| test.cs:272:38:272:53 | "SourceHanSerif" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:38:272:53 | "SourceHanSerif" | SourceHanSerif |
|
||||
| test.cs:272:56:272:71 | "SourceSerifPro" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:56:272:71 | "SourceSerifPro" | SourceSerifPro |
|
||||
| test.cs:272:74:272:80 | "Start" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:74:272:80 | "Start" | Start |
|
||||
| test.cs:272:83:272:95 | "swip/Events" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:83:272:95 | "swip/Events" | swip/Events |
|
||||
| test.cs:273:4:273:14 | "swip/upd/" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:4:273:14 | "swip/upd/" | swip/upd/ |
|
||||
| test.cs:273:17:273:34 | "swip/Upload.ashx" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:17:273:34 | "swip/Upload.ashx" | swip/Upload.ashx |
|
||||
| test.cs:273:37:273:44 | "SYSTEM" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:37:273:44 | "SYSTEM" | SYSTEM |
|
||||
| test.cs:273:47:273:83 | "SYSTEM\\CurrentControlSet\\services" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:47:273:83 | "SYSTEM\\CurrentControlSet\\services" | SYSTEM\\CurrentControlSet\\services |
|
||||
| test.cs:273:86:273:96 | "us-east-1" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:86:273:96 | "us-east-1" | us-east-1 |
|
||||
| test.cs:274:4:274:14 | "us-east-2" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:274:4:274:14 | "us-east-2" | us-east-2 |
|
||||
| test.cs:274:17:274:27 | "us-west-2" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:274:17:274:27 | "us-west-2" | us-west-2 |
|
||||
| test.cs:274:30:274:62 | "fonts/woff/{0}-{1}-{2}{3}.woff2" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:274:30:274:62 | "fonts/woff/{0}-{1}-{2}{3}.woff2" | fonts/woff/{0}-{1}-{2}{3}.woff2 |
|
||||
| test.cs:275:4:275:44 | "fonts/woff/{0}-{1}-{2}-webfont{3}.woff2" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:275:4:275:44 | "fonts/woff/{0}-{1}-{2}-webfont{3}.woff2" | fonts/woff/{0}-{1}-{2}-webfont{3}.woff2 |
|
||||
| test.cs:275:47:275:80 | "ph2eifo3n5utg1j8d94qrvbmk0sal76c" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:275:47:275:80 | "ph2eifo3n5utg1j8d94qrvbmk0sal76c" | ph2eifo3n5utg1j8d94qrvbmk0sal76c |
|
||||
| test.cs:276:4:276:26 | "pki/crl/{0}{1}{2}.crl" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:276:4:276:26 | "pki/crl/{0}{1}{2}.crl" | pki/crl/{0}{1}{2}.crl |
|
||||
| test.cs:276:29:276:65 | "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:276:29:276:65 | "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj" | rq3gsalt6u1iyfzop572d49bnx8cvmkewhj |
|
||||
| test.cs:277:4:277:73 | "Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:277:4:277:73 | "Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true" | Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true |
|
||||
| test.cs:278:4:278:40 | "Select * From Win32_OperatingSystem" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:278:4:278:40 | "Select * From Win32_OperatingSystem" | Select * From Win32_OperatingSystem |
|
||||
| test.cs:278:43:278:71 | "Select * From Win32_Process" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:278:43:278:71 | "Select * From Win32_Process" | Select * From Win32_Process |
|
||||
| test.cs:279:4:279:37 | "Select * From Win32_SystemDriver" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:279:4:279:37 | "Select * From Win32_SystemDriver" | Select * From Win32_SystemDriver |
|
||||
| test.cs:279:40:279:72 | "Select * From Win32_UserAccount" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:279:40:279:72 | "Select * From Win32_UserAccount" | Select * From Win32_UserAccount |
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security Features/campaign/Solorigate/NumberOfKnownLiteralsAboveThreshold.ql
|
||||
@@ -0,0 +1,104 @@
|
||||
| test.cs:66:7:66:11 | Abort | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:66:7:66:11 | Abort | Abort |
|
||||
| test.cs:67:7:67:28 | AddFileExecutionEngine | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:67:7:67:28 | AddFileExecutionEngine | AddFileExecutionEngine |
|
||||
| test.cs:68:7:68:32 | AddRegistryExecutionEngine | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:68:7:68:32 | AddRegistryExecutionEngine | AddRegistryExecutionEngine |
|
||||
| test.cs:69:7:69:27 | AdjustTokenPrivileges | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:69:7:69:27 | AdjustTokenPrivileges | AdjustTokenPrivileges |
|
||||
| test.cs:70:7:70:18 | Base64Decode | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:70:7:70:18 | Base64Decode | Base64Decode |
|
||||
| test.cs:71:7:71:18 | Base64Encode | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:71:7:71:18 | Base64Encode | Base64Encode |
|
||||
| test.cs:72:7:72:26 | ByteArrayToHexString | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:72:7:72:26 | ByteArrayToHexString | ByteArrayToHexString |
|
||||
| test.cs:73:7:73:27 | CheckServerConnection | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:73:7:73:27 | CheckServerConnection | CheckServerConnection |
|
||||
| test.cs:74:7:74:11 | Close | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:74:7:74:11 | Close | Close |
|
||||
| test.cs:75:7:75:17 | CloseHandle | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:75:7:75:17 | CloseHandle | CloseHandle |
|
||||
| test.cs:76:7:76:30 | CollectSystemDescription | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:76:7:76:30 | CollectSystemDescription | CollectSystemDescription |
|
||||
| test.cs:77:7:77:14 | Compress | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:77:7:77:14 | Compress | Compress |
|
||||
| test.cs:78:7:78:24 | CreateSecureString | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:78:7:78:24 | CreateSecureString | CreateSecureString |
|
||||
| test.cs:79:7:79:18 | CreateString | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:79:7:79:18 | CreateString | CreateString |
|
||||
| test.cs:80:7:80:25 | CreateUploadRequest | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:80:7:80:25 | CreateUploadRequest | CreateUploadRequest |
|
||||
| test.cs:81:7:81:29 | CreateUploadRequestImpl | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:81:7:81:29 | CreateUploadRequestImpl | CreateUploadRequestImpl |
|
||||
| test.cs:82:7:82:16 | Decompress | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:82:7:82:16 | Decompress | Decompress |
|
||||
| test.cs:83:7:83:18 | DecryptShort | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:83:7:83:18 | DecryptShort | DecryptShort |
|
||||
| test.cs:84:7:84:13 | Deflate | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:84:7:84:13 | Deflate | Deflate |
|
||||
| test.cs:85:7:85:14 | DelayMin | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:85:7:85:14 | DelayMin | DelayMin |
|
||||
| test.cs:86:7:86:13 | DelayMs | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:86:7:86:13 | DelayMs | DelayMs |
|
||||
| test.cs:87:7:87:16 | DeleteFile | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:87:7:87:16 | DeleteFile | DeleteFile |
|
||||
| test.cs:88:7:88:25 | DeleteRegistryValue | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:88:7:88:25 | DeleteRegistryValue | DeleteRegistryValue |
|
||||
| test.cs:89:7:89:17 | DeleteValue | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:89:7:89:17 | DeleteValue | DeleteValue |
|
||||
| test.cs:90:7:90:19 | ExecuteEngine | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:90:7:90:19 | ExecuteEngine | ExecuteEngine |
|
||||
| test.cs:91:7:91:16 | FileExists | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:91:7:91:16 | FileExists | FileExists |
|
||||
| test.cs:92:7:92:18 | GetAddresses | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:92:7:92:18 | GetAddresses | GetAddresses |
|
||||
| test.cs:93:7:93:22 | GetAddressFamily | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:93:7:93:22 | GetAddressFamily | GetAddressFamily |
|
||||
| test.cs:94:7:94:22 | GetArgumentIndex | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:94:7:94:22 | GetArgumentIndex | GetArgumentIndex |
|
||||
| test.cs:95:7:95:16 | GetBaseUri | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:95:7:95:16 | GetBaseUri | GetBaseUri |
|
||||
| test.cs:96:7:96:20 | GetBaseUriImpl | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:96:7:96:20 | GetBaseUriImpl | GetBaseUriImpl |
|
||||
| test.cs:97:7:97:14 | GetCache | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:97:7:97:14 | GetCache | GetCache |
|
||||
| test.cs:98:7:98:23 | GetCurrentProcess | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:98:7:98:23 | GetCurrentProcess | GetCurrentProcess |
|
||||
| test.cs:99:7:99:22 | GetCurrentString | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:99:7:99:22 | GetCurrentString | GetCurrentString |
|
||||
| test.cs:100:7:100:22 | GetDescriptionId | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:100:7:100:22 | GetDescriptionId | GetDescriptionId |
|
||||
| test.cs:101:7:101:17 | GetFileHash | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:101:7:101:17 | GetFileHash | GetFileHash |
|
||||
| test.cs:102:7:102:26 | GetFileSystemEntries | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:102:7:102:26 | GetFileSystemEntries | GetFileSystemEntries |
|
||||
| test.cs:103:7:103:13 | GetHash | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:103:7:103:13 | GetHash | GetHash |
|
||||
| test.cs:104:7:104:13 | GetHive | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:104:7:104:13 | GetHive | GetHive |
|
||||
| test.cs:105:7:105:17 | GetIntArray | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:105:7:105:17 | GetIntArray | GetIntArray |
|
||||
| test.cs:106:7:106:20 | GetIPHostEntry | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:106:7:106:20 | GetIPHostEntry | GetIPHostEntry |
|
||||
| test.cs:107:7:107:33 | GetManagementObjectProperty | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:107:7:107:33 | GetManagementObjectProperty | GetManagementObjectProperty |
|
||||
| test.cs:108:7:108:36 | GetNetworkAdapterConfiguration | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:108:7:108:36 | GetNetworkAdapterConfiguration | GetNetworkAdapterConfiguration |
|
||||
| test.cs:109:7:109:21 | GetNewOwnerName | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:109:7:109:21 | GetNewOwnerName | GetNewOwnerName |
|
||||
| test.cs:110:7:110:19 | GetNextString | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:110:7:110:19 | GetNextString | GetNextString |
|
||||
| test.cs:111:7:111:21 | GetNextStringEx | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:111:7:111:21 | GetNextStringEx | GetNextStringEx |
|
||||
| test.cs:112:7:112:23 | GetOrCreateUserID | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:112:7:112:23 | GetOrCreateUserID | GetOrCreateUserID |
|
||||
| test.cs:113:7:113:35 | GetOrionImprovementCustomerId | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:113:7:113:35 | GetOrionImprovementCustomerId | GetOrionImprovementCustomerId |
|
||||
| test.cs:114:7:114:18 | GetOSVersion | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:114:7:114:18 | GetOSVersion | GetOSVersion |
|
||||
| test.cs:115:7:115:23 | GetPreviousString | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:115:7:115:23 | GetPreviousString | GetPreviousString |
|
||||
| test.cs:116:7:116:29 | GetProcessByDescription | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:116:7:116:29 | GetProcessByDescription | GetProcessByDescription |
|
||||
| test.cs:117:7:117:36 | GetRegistrySubKeyAndValueNames | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:117:7:117:36 | GetRegistrySubKeyAndValueNames | GetRegistrySubKeyAndValueNames |
|
||||
| test.cs:118:7:118:15 | GetStatus | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:118:7:118:15 | GetStatus | GetStatus |
|
||||
| test.cs:119:7:119:19 | GetStringHash | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:119:7:119:19 | GetStringHash | GetStringHash |
|
||||
| test.cs:120:7:120:28 | GetSubKeyAndValueNames | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:120:7:120:28 | GetSubKeyAndValueNames | GetSubKeyAndValueNames |
|
||||
| test.cs:121:7:121:18 | GetUserAgent | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:121:7:121:18 | GetUserAgent | GetUserAgent |
|
||||
| test.cs:122:7:122:14 | GetValue | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:122:7:122:14 | GetValue | GetValue |
|
||||
| test.cs:123:7:123:17 | GetWebProxy | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:123:7:123:17 | GetWebProxy | GetWebProxy |
|
||||
| test.cs:124:7:124:26 | HexStringToByteArray | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:124:7:124:26 | HexStringToByteArray | HexStringToByteArray |
|
||||
| test.cs:125:7:125:13 | Inflate | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:125:7:125:13 | Inflate | Inflate |
|
||||
| test.cs:126:7:126:16 | Initialize | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:126:7:126:16 | Initialize | Initialize |
|
||||
| test.cs:127:7:127:31 | InitiateSystemShutdownExW | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:127:7:127:31 | InitiateSystemShutdownExW | InitiateSystemShutdownExW |
|
||||
| test.cs:128:7:128:25 | IsNullOrInvalidName | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:128:7:128:25 | IsNullOrInvalidName | IsNullOrInvalidName |
|
||||
| test.cs:129:7:129:20 | IsSynchronized | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:129:7:129:20 | IsSynchronized | IsSynchronized |
|
||||
| test.cs:130:7:130:14 | KillTask | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:130:7:130:14 | KillTask | KillTask |
|
||||
| test.cs:131:7:131:27 | LookupPrivilegeValueW | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:131:7:131:27 | LookupPrivilegeValueW | LookupPrivilegeValueW |
|
||||
| test.cs:132:7:132:22 | OpenProcessToken | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:132:7:132:22 | OpenProcessToken | OpenProcessToken |
|
||||
| test.cs:133:7:133:26 | ParseServiceResponse | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:133:7:133:26 | ParseServiceResponse | ParseServiceResponse |
|
||||
| test.cs:134:7:134:11 | Quote | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:134:7:134:11 | Quote | Quote |
|
||||
| test.cs:135:7:135:16 | ReadConfig | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:135:7:135:16 | ReadConfig | ReadConfig |
|
||||
| test.cs:136:7:136:20 | ReadDeviceInfo | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:136:7:136:20 | ReadDeviceInfo | ReadDeviceInfo |
|
||||
| test.cs:137:7:137:23 | ReadRegistryValue | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:137:7:137:23 | ReadRegistryValue | ReadRegistryValue |
|
||||
| test.cs:138:7:138:22 | ReadReportStatus | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:138:7:138:22 | ReadReportStatus | ReadReportStatus |
|
||||
| test.cs:139:7:139:23 | ReadServiceStatus | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:139:7:139:23 | ReadServiceStatus | ReadServiceStatus |
|
||||
| test.cs:140:7:140:20 | RebootComputer | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:140:7:140:20 | RebootComputer | RebootComputer |
|
||||
| test.cs:141:7:141:13 | RunTask | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:141:7:141:13 | RunTask | RunTask |
|
||||
| test.cs:142:7:142:22 | SearchAssemblies | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:142:7:142:22 | SearchAssemblies | SearchAssemblies |
|
||||
| test.cs:143:7:143:26 | SearchConfigurations | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:143:7:143:26 | SearchConfigurations | SearchConfigurations |
|
||||
| test.cs:144:7:144:20 | SearchServices | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:144:7:144:20 | SearchServices | SearchServices |
|
||||
| test.cs:145:7:145:22 | SetAutomaticMode | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:145:7:145:22 | SetAutomaticMode | SetAutomaticMode |
|
||||
| test.cs:146:7:146:17 | SetKeyOwner | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:146:7:146:17 | SetKeyOwner | SetKeyOwner |
|
||||
| test.cs:147:7:147:31 | SetKeyOwnerWithPrivileges | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:147:7:147:31 | SetKeyOwnerWithPrivileges | SetKeyOwnerWithPrivileges |
|
||||
| test.cs:148:7:148:23 | SetKeyPermissions | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:148:7:148:23 | SetKeyPermissions | SetKeyPermissions |
|
||||
| test.cs:149:7:149:19 | SetManualMode | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:149:7:149:19 | SetManualMode | SetManualMode |
|
||||
| test.cs:150:7:150:25 | SetProcessPrivilege | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:150:7:150:25 | SetProcessPrivilege | SetProcessPrivilege |
|
||||
| test.cs:151:7:151:22 | SetRegistryValue | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:151:7:151:22 | SetRegistryValue | SetRegistryValue |
|
||||
| test.cs:152:7:152:13 | SetTime | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:152:7:152:13 | SetTime | SetTime |
|
||||
| test.cs:153:7:153:14 | SetValue | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:153:7:153:14 | SetValue | SetValue |
|
||||
| test.cs:154:7:154:17 | SplitString | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:154:7:154:17 | SplitString | SplitString |
|
||||
| test.cs:155:7:155:14 | ToString | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:155:7:155:14 | ToString | ToString |
|
||||
| test.cs:156:7:156:16 | TrackEvent | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:156:7:156:16 | TrackEvent | TrackEvent |
|
||||
| test.cs:157:7:157:20 | TrackProcesses | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:157:7:157:20 | TrackProcesses | TrackProcesses |
|
||||
| test.cs:158:7:158:13 | Unquote | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:158:7:158:13 | Unquote | Unquote |
|
||||
| test.cs:159:7:159:11 | Unzip | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:159:7:159:11 | Unzip | Unzip |
|
||||
| test.cs:160:7:160:12 | Update | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:160:7:160:12 | Update | Update |
|
||||
| test.cs:161:7:161:18 | UpdateBuffer | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:161:7:161:18 | UpdateBuffer | UpdateBuffer |
|
||||
| test.cs:162:7:162:24 | UpdateNotification | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:162:7:162:24 | UpdateNotification | UpdateNotification |
|
||||
| test.cs:163:7:163:29 | UploadSystemDescription | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:163:7:163:29 | UploadSystemDescription | UploadSystemDescription |
|
||||
| test.cs:164:7:164:11 | Valid | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:164:7:164:11 | Valid | Valid |
|
||||
| test.cs:165:7:165:17 | WriteConfig | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:165:7:165:17 | WriteConfig | WriteConfig |
|
||||
| test.cs:166:7:166:15 | WriteFile | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:166:7:166:15 | WriteFile | WriteFile |
|
||||
| test.cs:167:7:167:23 | WriteReportStatus | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:167:7:167:23 | WriteReportStatus | WriteReportStatus |
|
||||
| test.cs:168:7:168:24 | WriteServiceStatus | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:168:7:168:24 | WriteServiceStatus | WriteServiceStatus |
|
||||
| test.cs:169:7:169:9 | Zip | The method $@ may be related to Solorigate. Total count = 104 is above the threshold 50. | test.cs:169:7:169:9 | Zip | Zip |
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security Features/campaign/Solorigate/NumberOfKnownMethodNamesAboveThreshold.ql
|
||||
@@ -0,0 +1,3 @@
|
||||
| test.cs:35:3:38:3 | catch {...} | Empty Swallow Everything Exception. |
|
||||
| test.cs:289:3:290:4 | catch {...} | Empty Swallow Everything Exception. |
|
||||
| test.cs:295:3:298:3 | catch (...) {...} | Empty Swallow Everything Exception. |
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security Features/campaign/Solorigate/SwallowEverythingExceptionHandler.ql
|
||||
@@ -0,0 +1,309 @@
|
||||
using System;
|
||||
using System.Text;
|
||||
|
||||
|
||||
class FalsePositiveCases
|
||||
{
|
||||
// regular FVN
|
||||
ulong GetRegularFvnHash(string s)
|
||||
{
|
||||
ulong num = 14695981039346656037UL; /* FNV base offset */
|
||||
|
||||
foreach (byte b in Encoding.UTF8.GetBytes(s))
|
||||
{
|
||||
num ^= (ulong)b;
|
||||
num *= 1099511628211UL; /* FNV prime */
|
||||
}
|
||||
|
||||
return num;
|
||||
}
|
||||
}
|
||||
|
||||
class TestCases
|
||||
{
|
||||
ulong GetRegularFvnHash(string s)
|
||||
{
|
||||
ulong num = 14695981039346656037UL;
|
||||
try
|
||||
{
|
||||
foreach (byte b in Encoding.UTF8.GetBytes(s))
|
||||
{
|
||||
num ^= (ulong)b;
|
||||
num *= 1099511628211UL;
|
||||
}
|
||||
}
|
||||
catch // BUG : SwallowEverythingExceptionHandler
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
return num ^ 6605813339339102567UL; // BUG (ModifiedFnvFunctionDetection.ql)
|
||||
}
|
||||
|
||||
enum JobEngine
|
||||
{
|
||||
Idle,
|
||||
Exit,
|
||||
SetTime,
|
||||
CollectSystemDescription,
|
||||
UploadSystemDescription,
|
||||
RunTask,
|
||||
GetProcessByDescription,
|
||||
KillTask,
|
||||
GetFileSystemEntries,
|
||||
WriteFile,
|
||||
FileExists,
|
||||
DeleteFile,
|
||||
GetFileHash,
|
||||
ReadRegistryValue,
|
||||
SetRegistryValue,
|
||||
DeleteRegistryValue,
|
||||
GetRegistrySubKeyAndValueNames,
|
||||
Reboot,
|
||||
None
|
||||
}
|
||||
|
||||
void Abort() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void AddFileExecutionEngine() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void AddRegistryExecutionEngine() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void AdjustTokenPrivileges() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Base64Decode() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Base64Encode() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void ByteArrayToHexString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void CheckServerConnection() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Close() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void CloseHandle() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void CollectSystemDescription() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Compress() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void CreateSecureString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void CreateString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void CreateUploadRequest() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void CreateUploadRequestImpl() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Decompress() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void DecryptShort() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Deflate() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void DelayMin() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void DelayMs() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void DeleteFile() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void DeleteRegistryValue() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void DeleteValue() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void ExecuteEngine() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void FileExists() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetAddresses() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetAddressFamily() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetArgumentIndex() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetBaseUri() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetBaseUriImpl() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetCache() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetCurrentProcess() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetCurrentString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetDescriptionId() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetFileHash() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetFileSystemEntries() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetHash() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetHive() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetIntArray() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetIPHostEntry() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetManagementObjectProperty() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetNetworkAdapterConfiguration() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetNewOwnerName() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetNextString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetNextStringEx() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetOrCreateUserID() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetOrionImprovementCustomerId() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetOSVersion() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetPreviousString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetProcessByDescription() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetRegistrySubKeyAndValueNames() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetStatus() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetStringHash() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetSubKeyAndValueNames() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetUserAgent() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetValue() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void GetWebProxy() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void HexStringToByteArray() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Inflate() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Initialize() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void InitiateSystemShutdownExW() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void IsNullOrInvalidName() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void IsSynchronized() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void KillTask() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void LookupPrivilegeValueW() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void OpenProcessToken() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void ParseServiceResponse() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Quote() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void ReadConfig() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void ReadDeviceInfo() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void ReadRegistryValue() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void ReadReportStatus() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void ReadServiceStatus() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void RebootComputer() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void RunTask() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SearchAssemblies() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SearchConfigurations() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SearchServices() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SetAutomaticMode() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SetKeyOwner() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SetKeyOwnerWithPrivileges() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SetKeyPermissions() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SetManualMode() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SetProcessPrivilege() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SetRegistryValue() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SetTime() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SetValue() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void SplitString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void ToString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void TrackEvent() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void TrackProcesses() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Unquote() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Unzip() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Update() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void UpdateBuffer() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void UpdateNotification() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void UploadSystemDescription() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Valid() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void WriteConfig() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void WriteFile() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void WriteReportStatus() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void WriteServiceStatus() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
void Zip() { } // BUG : NumberOfKnownMethodNamesAboveThreshold
|
||||
|
||||
void Hashes() {
|
||||
ulong[] hashes = { // BUG : NumberOfKnownHashesAboveThreshold
|
||||
10063651499895178962, 10235971842993272939, 10296494671777307979,
|
||||
10336842116636872171, 10374841591685794123, 10393903804869831898,
|
||||
10463926208560207521, 10484659978517092504, 10501212300031893463,
|
||||
10545868833523019926, 10657751674541025650, 106672141413120087, 10734127004244879770,
|
||||
10829648878147112121, 1099511628211, 11073283311104541690, 1109067043404435916,
|
||||
11109294216876344399, 11266044540366291518, 11385275378891906608,
|
||||
11771945869106552231, 11801746708619571308, 11818825521849580123,
|
||||
11913842725949116895, 12027963942392743532, 12094027092655598256,
|
||||
12343334044036541897, 12445177985737237804, 12445232961318634374,
|
||||
12574535824074203265, 12679195163651834776, 12709986806548166638,
|
||||
12718416789200275332, 12785322942775634499, 12790084614253405985,
|
||||
12969190449276002545, 13014156621614176974, 13029357933491444455,
|
||||
13135068273077306806, 13260224381505715848, 13316211011159594063,
|
||||
13464308873961738403, 13544031715334011032, 13581776705111912829,
|
||||
13599785766252827703, 13611051401579634621, 13611814135072561278,
|
||||
13655261125244647696, 1367627386496056834, 1368907909245890092, 13693525876560827283,
|
||||
13783346438774742614, 13799353263187722717, 13825071784440082496,
|
||||
13852439084267373191, 13876356431472225791, 14055243717250701608,
|
||||
14079676299181301772, 14095938998438966337, 14111374107076822891,
|
||||
14193859431895170587, 14226582801651130532, 14243671177281069512,
|
||||
14256853800858727521, 14480775929210717493, 14482658293117931546,
|
||||
14513577387099045298, 14630721578341374856, 14695981039346656037,
|
||||
14710585101020280896, 1475579823244607677, 14868920869169964081, 14968320160131875803,
|
||||
14971809093655817917, 15039834196857999838, 15092207615430402812,
|
||||
15114163911481793350, 15194901817027173566, 15267980678929160412,
|
||||
15457732070353984570, 15514036435533858158, 15535773470978271326,
|
||||
15587050164583443069, 155978580751494388, 15695338751700748390, 15997665423159927228,
|
||||
16066522799090129502, 16066651430762394116, 16112751343173365533,
|
||||
16130138450758310172, 1614465773938842903, 16292685861617888592, 16335643316870329598,
|
||||
16423314183614230717, 16570804352575357627, 1682585410644922036, 16858955978146406642,
|
||||
16990567851129491937, 17017923349298346219, 17097380490166623672,
|
||||
17109238199226571972, 17204844226884380288, 17291806236368054941,
|
||||
17351543633914244545, 17439059603042731363, 17574002783607647274,
|
||||
17624147599670377042, 17633734304611248415, 17683972236092287897,
|
||||
17849680105131524334, 17939405613729073960, 17956969551821596225,
|
||||
17978774977754553159, 17984632978012874803, 17997967489723066537,
|
||||
18147627057830191163, 18150909006539876521, 18159703063075866524,
|
||||
18246404330670877335, 18294908219222222902, 18392881921099771407,
|
||||
18446744073709551613, 191060519014405309, 2032008861530788751, 2128122064571842954,
|
||||
2147483647, 2147745794, 2380224015317016190, 2478231962306073784,
|
||||
2532538262737333146, 2589926981877829912, 2597124982561782591, 2600364143812063535,
|
||||
2717025511528702475, 2734787258623754862, 27407921587843457, 2760663353550280147,
|
||||
2797129108883749491, 2810460305047003196, 292198192373389586, 2934149816356927366,
|
||||
3045986759481489935, 3178468437029279937, 3200333496547938354, 3320026265773918739,
|
||||
3320767229281015341, 3341747963119755850, 3407972863931386250, 3413052607651207697,
|
||||
3413886037471417852, 3421197789791424393, 3421213182954201407, 3425260965299690882,
|
||||
3538022140597504361, 3575761800716667678, 3588624367609827560, 3626142665768487764,
|
||||
3642525650883269872, 3656637464651387014, 3660705254426876796, 3769837838875367802,
|
||||
3778500091710709090, 3796405623695665524, 3869935012404164040, 3890769468012566366,
|
||||
3890794756780010537, 397780960855462669, 4030236413975199654, 4088976323439621041,
|
||||
4454255944391929578, 4501656691368064027, 4578480846255629462, 4821863173800309721,
|
||||
4931721628717906635, 506634811745884560, 5132256620104998637, 5183687599225757871,
|
||||
521157249538507889, 5219431737322569038, 541172992193764396, 5415426428750045503,
|
||||
5449730069165757263, 5587557070429522647, 5614586596107908838, 576626207276463000,
|
||||
5942282052525294911, 5945487981219695001, 5984963105389676759, 607197993339007484,
|
||||
6088115528707848728, 6116246686670134098, 6180361713414290679, 6195833633417633900,
|
||||
6274014997237900919, 640589622539783622, 6461429591783621719, 6491986958834001955,
|
||||
6508141243778577344, 6605813339339102567, 682250828679635420, 6827032273910657891,
|
||||
6943102301517884811, 700598796416086955, 7080175711202577138, 7175363135479931834,
|
||||
7315838824213522000, 7412338704062093516, 7516148236133302073, 7574774749059321801,
|
||||
7701683279824397773, 7775177810774851294, 7810436520414958497, 7878537243757499832,
|
||||
79089792725215063, 7982848972385914508, 8052533790968282297, 8129411991672431889,
|
||||
8146185202538899243, 835151375515278827, 8381292265993977266, 8408095252303317471,
|
||||
8473756179280619170, 8478833628889826985, 8612208440357175863, 8697424601205169055,
|
||||
8698326794961817906, 8709004393777297355, 8727477769544302060, 8760312338504300643,
|
||||
8799118153397725683, 8873858923435176895, 8994091295115840290, 9007106680104765185,
|
||||
9061219083560670602, 9149947745824492274, 917638920165491138, 9234894663364701749,
|
||||
9333057603143916814, 9384605490088500348, 9531326785919727076, 9555688264681862794,
|
||||
9559632696372799208, 9903758755917170407
|
||||
};
|
||||
}
|
||||
|
||||
void Literals() {
|
||||
string[] literals = { // BUG : NumberOfKnownLiteralsAboveThreshold
|
||||
"(?i)([^a-z]|^)(test)([^a-z]|$)", "(?i)(solarwinds)", "[{0,5}] {1,-16} {2}\t{3,5} {4}\\{5}\n",
|
||||
"[{0,5}] {1}\n", "[E] {0} {1} {2}",
|
||||
"\"\\{[0-9a-f-]{36}\\}\"|\"[0-9a-f]{32}\"|\"[0-9a-f]{16}\"", ".CortexPlugin", ".Orion",
|
||||
"\"EventName\":\"EventManager\",", "\"EventType\":\"Orion\",",
|
||||
"\\OrionImprovement\\SolarWinds.OrionImprovement.exe",
|
||||
"0123456789abcdefghijklmnopqrstuvwxyz-_.", "\"sessionId\":\"{0}\",", "\"steps\":[",
|
||||
"\"Succeeded\":true,", "\"Timestamp\":\"\\/Date({0})\\/\",", "\"userId\":\"{0}\",",
|
||||
"{0} {1} HTTP/{2}\n", "10140", "144.86.226.0", "154.118.140.0", "172.16.0.0", "18.130.0.0",
|
||||
"184.72.0.0", "192.168.0.0", "199.201.117.0", "20.140.0.0", "20100", "20220", "217.163.7.0",
|
||||
"224.0.0.0", "240.0.0.0", "255.240.0.0", "255.254.0.0", "255.255.248.0", "3.0.0.382",
|
||||
"41.84.159.0", "43140", "4320", "43260", "524287", "583da945-62af-10e8-4902-a8f205c72b2e",
|
||||
"65280", "71.152.53.0", "74.114.24.0", "8.18.144.0", "87.238.80.0", "96.31.172.0", "983040",
|
||||
"99.79.0.0", "Administrator", "advapi32.dll", "Apollo", "appsync-api", "avsvmcloud.com",
|
||||
"api.solarwinds.com", "-root", "-cert", "-universal_ca", "-ca", "-primary_ca", "-timestamp",
|
||||
"-global", "-secureca", "CloudMonitoring", "MACAddress", "DHCPEnabled", "DHCPServer",
|
||||
"DNSHostName", "DNSDomainSuffixSearchOrder", "DNSServerSearchOrder", "IPAddress", "IPSubnet",
|
||||
"DefaultIPGateway", "OSArchitecture", "InstallDate", "Organization", "RegisteredUser",
|
||||
"fc00::", "fe00::", "fec0::", "ffc0::", "ff00::", "HKCC", "HKCR", "HKCU", "HKDD",
|
||||
"HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_CURRENT_USER", "HKEY_DYN_DATA",
|
||||
"HKEY_LOCAL_MACHINE", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography",
|
||||
"HKEY_PERFOMANCE_DATA", "HKEY_USERS", "HKLM", "HKPD", "HKU", "If-None-Match",
|
||||
"Microsoft-CryptoAPI/", "Nodes", "Volumes", "Interfaces", "Components", "opensans",
|
||||
"Organization", "OSArchitecture", "ParentProcessID", "PathName", "ReportWatcherPostpone",
|
||||
"ReportWatcherRetry", "S-1-5-", "SeRestorePrivilege", "SeShutdownPrivilege",
|
||||
"SeTakeOwnershipPrivilege", "SolarWinds", "SolarWindsOrionImprovementClient/",
|
||||
"SourceCodePro", "SourceHanSans", "SourceHanSerif", "SourceSerifPro", "Start", "swip/Events",
|
||||
"swip/upd/", "swip/Upload.ashx", "SYSTEM", "SYSTEM\\CurrentControlSet\\services", "us-east-1",
|
||||
"us-east-2", "us-west-2", "fonts/woff/{0}-{1}-{2}{3}.woff2",
|
||||
"fonts/woff/{0}-{1}-{2}-webfont{3}.woff2", "ph2eifo3n5utg1j8d94qrvbmk0sal76c",
|
||||
"pki/crl/{0}{1}{2}.crl", "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj",
|
||||
"Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true",
|
||||
"Select * From Win32_OperatingSystem", "Select * From Win32_Process",
|
||||
"Select * From Win32_SystemDriver", "Select * From Win32_UserAccount"
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
void SwallowExceptionTest()
|
||||
{
|
||||
try{
|
||||
Literals();
|
||||
}
|
||||
catch // BUG : SwallowEverythingExceptionHandler
|
||||
{}
|
||||
|
||||
try{
|
||||
Literals();
|
||||
}
|
||||
catch( Exception e) // BUG : SwallowEverythingExceptionHandler
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
try{
|
||||
Literals();
|
||||
}
|
||||
catch( Exception e)
|
||||
{
|
||||
// NOT A BUG
|
||||
throw;
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user