Invoke-BluGenieProcessHash
Suspend, Resume, Stop and Export processes or process information based on the Hash value. This function is setup to take one or many hash descriptors, locate the running item, and manage it by either Suspending it Resuming it, or Stopping / Killing it.
Invoke-BluGenieProcessHash [[-Hash] <String[]>] [[-Managetype] <String>] [[-Algorithm] <String>] [-FilterType <String>] [-Pattern <String>] [-TimerLoop <Int32>] [-SleepTime <Int32>] [-Walkthrough] [-ReturnObject]
[-OutUnEscapedJSON] [<CommonParameters>]
Suspend, Resume, Stop and Export processes or process information based on the 'Process','Handle','Path', or 'Hash' This function is setup to take one or many descriptors, locate the running item(s), and manage it by either Suspending it Resuming it, or Stopping / Killing it.
Invoke-BluGenieProcessHash
Description: Display the hash information for all running Processes.
Notes: The default Algorithm is (MD5)
Command: Invoke-BluGenieProcessHash -Hash 80c6dd21910db50b90f0a5d00957ab6e011c43e23dfb4bf174c1448ce2863e0c81fbc8cc07e9b0bd4f4dbef2ada31c1dc7e676e9bc0b40bf7b85f2d052fdf5a9 -Algorithm SHA512
Description: Terminate the Process with the specific hash.
Notes: The Algorithm used is (SHA512)
Command: Invoke-BluGenieProcessHash -Hash 74b64b52a66c242fe8a3119fb8445295e0b8719187653cd08cedeeaa26e97452 -Algorithm SHA256 -ManageType Suspend
Description: Suspend the Process with the specific hash.
Notes: The Algorithm used is (SHA256)
Command: Invoke-BluGenieProcessHash -Hash 74b64b52a66c242fe8a3119fb8445295e0b8719187653cd08cedeeaa26e97452 -Algorithm SHA256 -ManageType Resume
Description: Resume the Process with the specific hash.
Notes: The Algorithm used is (SHA256)
Command: Invoke-BluGenieProcessHash -FilterType 'Process' -Pattern 'notepad'
Description: Filter all processes by Process name and look for any process that matches ( notepad ) in the name
Notes:
Command: Invoke-BluGenieProcessHash -FilterType 'Process' -Pattern '^notepad\.exe$'
Description: Filter all processes by Process name and look for the exact match of ( Notepad.exe )
Notes:
Command: Invoke-BluGenieProcessHash -FilterType 'Hash' -Pattern 'f1139811bbf61362915958806ad30211|88c998e5af2e07a81c35d34b6edd0006'
Description: Search for multiple items with Regex
Notes:
Command: Invoke-BluGenieProcessHash -FilterType 'Hash' -Pattern 'f1139811bbf61362915958806ad30211|88c998e5af2e07a81c35d34b6edd0006' -Managetype Stop
Description: Terminate multiple items with Regex
Notes:
Command: Invoke-BluGenieProcessHash -Help
Description: Call Help Information
Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal
Get-Help will be called with the -Full parameter
Command: Invoke-BluGenieProcessHash -WalkThrough
Description: Call Help Information [2]
Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal
Get-Help will be called with the -Full parameter
Command: Invoke-BluGenieProcessHash -OutUnEscapedJSON
Description: Display the hash information for all running Processes and Return Output as UnEscaped JSON format
Notes: The OutUnEscapedJSON is used to beatify the JSON return and not Escape any Characters. Normal return data is a Hash Table.
Command: Invoke-BluGenieProcessHash -ReturnObject
Description: Display the hash information for all running Processes and Return Output an Object
Notes: The ReturnObject is used to return a PowerShell Object. Normal return data is a Hash Table.
-Hash <String[]>
Description: The Hash value for a specific process
Notes:
Alias:
ValidateSet:
Required? false
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Managetype <String>
Description: Manage the behavior of the process (Suspend, Resume, Stop)
Notes:
Alias:
ValidateSet: 'Report','Suspend','Resume','Stop'
Required? false
Position? 2
Default value Report
Accept pipeline input? false
Accept wildcard characters? false
-Algorithm <String>
Description: Specifies the cryptographic hash to use for computing the hash value of the contents of the specified file.
Notes: The acceptable values for this parameter are:
- SHA1
- SHA256
- SHA384
- SHA512
- MACTripleDES
- MD5 = (Default)
- RIPEMD160
Alias:
ValidateSet: 'MACTripleDES','MD5','RIPEMD160','SHA1','SHA256','SHA384','SHA512'
Required? false
Position? 3
Default value MD5
Accept pipeline input? false
Accept wildcard characters? false
-FilterType <String>
Description: Which property to filter by
Notes:
Filter Option
• "Process"
Process Name
• "Handle"
Handle of the Process
• "Path"
Full path with extension of the executable
• "Hash"
Hash value based on 'MACTripleDES','MD5','RIPEMD160','SHA1','SHA256','SHA384','SHA512' which is controlled wit the
-Algorithm parameter
Alias:
ValidateSet: 'Process','Handle','Path','Hash'
Required? false
Position? named
Default value Hash
Accept pipeline input? false
Accept wildcard characters? false
-Pattern <String>
Description: RegEx supported Search patterns to help filter the returning criteria
Notes:
Alias:
ValidateSet:
Required? false
Position? named
Default value .*
Accept pipeline input? false
Accept wildcard characters? false
-TimerLoop <Int32>
Description: Set how many loops the terminate process checks for validation
Notes:
Alias:
ValidateSet:
Required? false
Position? named
Default value 12
Accept pipeline input? false
Accept wildcard characters? false
-SleepTime <Int32>
Description: Set the Sleep time between each loop
Notes:
Alias:
ValidateSet:
Required? false
Position? named
Default value 5
Accept pipeline input? false
Accept wildcard characters? false
-Walkthrough [<SwitchParameter>]
Description: Start the dynamic help menu system to help walk through the current command and all of the parameters
Notes:
Alias: Help
ValidateSet:
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-ReturnObject [<SwitchParameter>]
Description: Return information as an Object
Notes: By default the data is returned as a Hash Table
Alias:
ValidateSet:
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-OutUnEscapedJSON [<SwitchParameter>]
Description: Remove UnEsacped Char from the JSON information.
Notes: This will beautify json and clean up the formatting.
Alias:
ValidateSet:
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Last modified 1yr ago