Invoke-BluGenieProcessHash

SYNOPSIS

Suspend, Resume, Stop and Export processes or process information based on the Hash value. This function is setup to take one or many hash descriptors, locate the running item, and manage it by either Suspending it Resuming it, or Stopping / Killing it.

SYNTAX

Invoke-BluGenieProcessHash [[-Hash] <String[]>] [[-Managetype] <String>] [[-Algorithm] <String>] [-FilterType <String>] [-Pattern <String>] [-TimerLoop <Int32>] [-SleepTime <Int32>] [-Walkthrough] [-ReturnObject] 
[-OutUnEscapedJSON] [<CommonParameters>]

DESCRIPTION

Suspend, Resume, Stop and Export processes or process information based on the 'Process','Handle','Path', or 'Hash' This function is setup to take one or many descriptors, locate the running item(s), and manage it by either Suspending it Resuming it, or Stopping / Killing it.

EXAMPLES

EXAMPLE 1

Invoke-BluGenieProcessHash

Description: Display the hash information for all running Processes.
Notes: The default Algorithm is (MD5)

EXAMPLE 2

Command: Invoke-BluGenieProcessHash -Hash 80c6dd21910db50b90f0a5d00957ab6e011c43e23dfb4bf174c1448ce2863e0c81fbc8cc07e9b0bd4f4dbef2ada31c1dc7e676e9bc0b40bf7b85f2d052fdf5a9 -Algorithm SHA512

Description: Terminate the Process with the specific hash.
Notes: The Algorithm used is (SHA512)

EXAMPLE 3

Command: Invoke-BluGenieProcessHash -Hash 74b64b52a66c242fe8a3119fb8445295e0b8719187653cd08cedeeaa26e97452 -Algorithm SHA256 -ManageType Suspend

Description: Suspend the Process with the specific hash.
Notes: The Algorithm used is (SHA256)

EXAMPLE 4

Command: Invoke-BluGenieProcessHash -Hash 74b64b52a66c242fe8a3119fb8445295e0b8719187653cd08cedeeaa26e97452 -Algorithm SHA256 -ManageType Resume

Description: Resume the Process with the specific hash.
Notes: The Algorithm used is (SHA256)

EXAMPLE 5

Command: Invoke-BluGenieProcessHash -FilterType 'Process' -Pattern 'notepad'

Description: Filter all processes by Process name and look for any process that matches ( notepad ) in the name
Notes:

EXAMPLE 6

Command: Invoke-BluGenieProcessHash -FilterType 'Process' -Pattern '^notepad\.exe$'

Description: Filter all processes by Process name and look for the exact match of ( Notepad.exe )
Notes:

EXAMPLE 7

Command: Invoke-BluGenieProcessHash -FilterType 'Hash' -Pattern 'f1139811bbf61362915958806ad30211|88c998e5af2e07a81c35d34b6edd0006'

Description: Search for multiple items with Regex
Notes:

EXAMPLE 8

Command: Invoke-BluGenieProcessHash -FilterType 'Hash' -Pattern 'f1139811bbf61362915958806ad30211|88c998e5af2e07a81c35d34b6edd0006' -Managetype Stop

Description: Terminate multiple items with Regex
Notes:

EXAMPLE 9

Command: Invoke-BluGenieProcessHash -Help

Description: Call Help Information
Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal 
Get-Help will be called with the -Full parameter

EXAMPLE 10

Command: Invoke-BluGenieProcessHash -WalkThrough

Description: Call Help Information [2]
Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal 
Get-Help will be called with the -Full parameter

EXAMPLE 11

Command: Invoke-BluGenieProcessHash -OutUnEscapedJSON

Description: Display the hash information for all running Processes and Return Output as UnEscaped JSON format
Notes:  The OutUnEscapedJSON is used to beatify the JSON return and not Escape any Characters.  Normal return data is a Hash Table.

EXAMPLE 12

Command: Invoke-BluGenieProcessHash -ReturnObject

Description: Display the hash information for all running Processes and Return Output an Object
Notes:  The ReturnObject is used to return a PowerShell Object.  Normal return data is a Hash Table.

PARAMETERS

Hash

-Hash <String[]>
   Description: The Hash value for a specific process
   Notes:  
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    1
   Default value                
   Accept pipeline input?       false
   Accept wildcard characters?  false

Managetype

-Managetype <String>
   Description: Manage the behavior of the process (Suspend, Resume, Stop)
   Notes:  
   Alias:
   ValidateSet: 'Report','Suspend','Resume','Stop'
   
   Required?                    false
   Position?                    2
   Default value                Report
   Accept pipeline input?       false
   Accept wildcard characters?  false

Algorithm

-Algorithm <String>
   Description:  Specifies the cryptographic hash to use for computing the hash value of the contents of the specified file. 
   Notes:  The acceptable values for this parameter are:
   
               - SHA1
               - SHA256
               - SHA384
               - SHA512
               - MACTripleDES
               - MD5 = (Default)
               - RIPEMD160
   Alias: 
   ValidateSet: 'MACTripleDES','MD5','RIPEMD160','SHA1','SHA256','SHA384','SHA512'
   
   Required?                    false
   Position?                    3
   Default value                MD5
   Accept pipeline input?       false
   Accept wildcard characters?  false

FilterType

-FilterType <String>
   Description:  Which property to filter by
         Notes:  
             Filter Option
   	•	"Process"
   			Process Name
   	•	"Handle"
   			Handle of the Process
             •	"Path"
   			Full path with extension of the executable
             •	"Hash"
   			Hash value based on 'MACTripleDES','MD5','RIPEMD160','SHA1','SHA256','SHA384','SHA512' which is controlled wit the 
   		-Algorithm parameter
   Alias:
   ValidateSet: 'Process','Handle','Path','Hash'
   
   Required?                    false
   Position?                    named
   Default value                Hash
   Accept pipeline input?       false
   Accept wildcard characters?  false

Pattern

-Pattern <String>
   Description:  RegEx supported Search patterns to help filter the returning criteria
   Notes:  
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                .*
   Accept pipeline input?       false
   Accept wildcard characters?  false

TimerLoop

-TimerLoop <Int32>
   Description: Set how many loops the terminate process checks for validation
   Notes:  
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                12
   Accept pipeline input?       false
   Accept wildcard characters?  false

SleepTime

-SleepTime <Int32>
   Description: Set the Sleep time between each loop
   Notes:  
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                5
   Accept pipeline input?       false
   Accept wildcard characters?  false

Walkthrough

-Walkthrough [<SwitchParameter>]
   Description:  Start the dynamic help menu system to help walk through the current command and all of the parameters
   Notes:  
   Alias: Help
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

ReturnObject

-ReturnObject [<SwitchParameter>]
   Description: Return information as an Object
   Notes: By default the data is returned as a Hash Table
   Alias: 
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                True
   Accept pipeline input?       false
   Accept wildcard characters?  false

OutUnEscapedJSON

-OutUnEscapedJSON [<SwitchParameter>]
   Description: Remove UnEsacped Char from the JSON information.
   Notes: This will beautify json and clean up the formatting.
   Alias: 
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

CommonParameters

PreviousInvoke-BluGenieProcess NextInvoke-BluGeniePSQuery

Last updated 3 years ago

Invoke-BluGenieProcessHash [[-Hash] <String[]>] [[-Managetype] <String>] [[-Algorithm] <String>] [-FilterType <String>] [-Pattern <String>] [-TimerLoop <Int32>] [-SleepTime <Int32>] [-Walkthrough] [-ReturnObject] [-OutUnEscapedJSON] [<CommonParameters>]

Description: Call Help Information Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal Get-Help will be called with the -Full parameter

Description: Call Help Information [2] Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal Get-Help will be called with the -Full parameter

Description: Display the hash information for all running Processes and Return Output as UnEscaped JSON format Notes: The OutUnEscapedJSON is used to beatify the JSON return and not Escape any Characters. Normal return data is a Hash Table.

-Hash <String[]> Description: The Hash value for a specific process Notes: Alias: ValidateSet: Required? false Position? 1 Default value Accept pipeline input? false Accept wildcard characters? false

-Managetype <String> Description: Manage the behavior of the process (Suspend, Resume, Stop) Notes: Alias: ValidateSet: 'Report','Suspend','Resume','Stop' Required? false Position? 2 Default value Report Accept pipeline input? false Accept wildcard characters? false

-Algorithm <String> Description: Specifies the cryptographic hash to use for computing the hash value of the contents of the specified file. Notes: The acceptable values for this parameter are: - SHA1 - SHA256 - SHA384 - SHA512 - MACTripleDES - MD5 = (Default) - RIPEMD160 Alias: ValidateSet: 'MACTripleDES','MD5','RIPEMD160','SHA1','SHA256','SHA384','SHA512' Required? false Position? 3 Default value MD5 Accept pipeline input? false Accept wildcard characters? false

-FilterType <String> Description: Which property to filter by Notes: Filter Option • "Process"  Process Name • "Handle"  Handle of the Process • "Path"  Full path with extension of the executable • "Hash"  Hash value based on 'MACTripleDES','MD5','RIPEMD160','SHA1','SHA256','SHA384','SHA512' which is controlled wit the -Algorithm parameter Alias: ValidateSet: 'Process','Handle','Path','Hash' Required? false Position? named Default value Hash Accept pipeline input? false Accept wildcard characters? false

-Pattern <String> Description: RegEx supported Search patterns to help filter the returning criteria Notes: Alias: ValidateSet: Required? false Position? named Default value .* Accept pipeline input? false Accept wildcard characters? false

-TimerLoop <Int32> Description: Set how many loops the terminate process checks for validation Notes: Alias: ValidateSet: Required? false Position? named Default value 12 Accept pipeline input? false Accept wildcard characters? false

-SleepTime <Int32> Description: Set the Sleep time between each loop Notes: Alias: ValidateSet: Required? false Position? named Default value 5 Accept pipeline input? false Accept wildcard characters? false

-Walkthrough [<SwitchParameter>] Description: Start the dynamic help menu system to help walk through the current command and all of the parameters Notes: Alias: Help ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false

-ReturnObject [<SwitchParameter>] Description: Return information as an Object Notes: By default the data is returned as a Hash Table Alias: ValidateSet: Required? false Position? named Default value True Accept pipeline input? false Accept wildcard characters? false

-OutUnEscapedJSON [<SwitchParameter>] Description: Remove UnEsacped Char from the JSON information. Notes: This will beautify json and clean up the formatting. Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false