Open Marijn17s opened 11 months ago
Marijn17s
commented
11 months ago Possible fix 1:
string computerName = Environment.MachineName; string namespaceName = "root\CIMV2"; string className = "Win32_NetworkAdapter"; string name = adapter["Name"].ToString(); string deviceId = adapter["DeviceID"].ToString();
string fullPath = $"\\{computerName}\{namespaceName}:{className}.{name}=\"{deviceId}\"";
Marijn17s
commented
11 months ago Possible fix 2:
string className = adapter.ClassPath.ClassName; string name = adapter["Name"].ToString(); string deviceId = adapter["DeviceID"].ToString(); string relativePath = $"{className}.Name='{name}',DeviceID='{deviceId}'";
Marijn17s
commented
10 months ago Below code also triggers it (same method)
var searcher = new ManagementObjectSearcher($"select * from win32_networkadapter where Name='{adaptername}'");
Marijn17s
commented
10 months ago Other code possibly triggers false positive, or obfuscation / costura fody packing triggers it
Edit: code is now MSIL/HackTool.Agent_AGen.AF
"var match = Regex.Match(adapter?.Path.RelativePath, "\\"(\d+)\\"$");"
PrivacyTool.cs Line:152 trycatch code above