Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Get a truncated SHA-1 hash for each running process name; use this to decipher edge://histograms/UIA process info
# Mostly written by https://gist.github.com/pronichkin/b1fcd7b797ed7194dce0a96d98765aa7
Get-Process | Sort-Object -Unique -Property 'Name' | Select-Object -Property @(
@{
'Label' = 'Name'
'Expression' = {
$psItem.Name + ".exe"
}
}
@{
'Label' = 'Hash'
'Expression' = {
$MemoryStream = [System.IO.MemoryStream]::new()
$StreamWriter = [System.IO.StreamWriter]::new( $MemoryStream )
$StreamWriter.write($psItem.Name + ".exe")
$StreamWriter.Flush()
$MemoryStream.Position = 0
$Hash = Get-FileHash -InputStream $MemoryStream -Algorithm 'SHA1'
$HexString = '0x' +
$Hash.Hash.Substring( 6, 2 ) +
$Hash.Hash.Substring( 4, 2 ) +
$Hash.Hash.Substring( 2, 2 ) +
$Hash.Hash.Substring( 0, 2 )
[System.uInt32]$HexString
}
}
) |Sort-Object -Unique -Property 'Hash'| Format-Table -Wrap -AutoSize
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment