| @( | |
| [PSCustomObject]@{ | |
| Path='HKLM:\SOFTWARE\Classes\Exefile\Shell\Open\Command' | |
| Item='exefile' | |
| Category='Image Hijacks' | |
| Value='"%1" %*' | |
| ImagePath=$null | |
| Size=$null | |
| LastWriteTime=$null | |
| Version=$null | |
| MD5=$null | |
| SHA1=$null | |
| SHA256=$null | |
| Signed=$null | |
| IsOSBinary=$null | |
| Publisher=$null | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\Software\Classes\exefile\shell\open\command' | |
| Item='.exe' | |
| Category='Image Hijacks' | |
| Value='"%1" %*' | |
| ImagePath=$null | |
| Size=$null | |
| LastWriteTime=$null | |
| Version=$null | |
| MD5=$null | |
| SHA1=$null | |
| SHA256=$null | |
| Signed=$null | |
| IsOSBinary=$null | |
| Publisher=$null | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\Software\Classes\cmdfile\shell\open\command' | |
| Item='.cmd' | |
| Category='Image Hijacks' | |
| Value='"%1" %*' | |
| ImagePath=$null | |
| Size=$null | |
| LastWriteTime=$null | |
| Version=$null | |
| MD5=$null | |
| SHA1=$null | |
| SHA256=$null | |
| Signed=$null | |
| IsOSBinary=$null | |
| Publisher=$null | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs' | |
| Item='_wowarmhw' | |
| Category='Known Dlls' | |
| Value='wowarmhw.dll' | |
| ImagePath='C:\WINDOWS\System32\wowarmhw.dll' | |
| Size=$null | |
| LastWriteTime=$null | |
| Version=$null | |
| MD5=$null | |
| SHA1=$null | |
| SHA256=$null | |
| Signed=$null | |
| IsOSBinary=$null | |
| Publisher=$null | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs' | |
| Item='_xtajit' | |
| Category='Known Dlls' | |
| Value='xtajit.dll' | |
| ImagePath='C:\WINDOWS\System32\xtajit.dll' | |
| Size=$null | |
| LastWriteTime=$null | |
| Version=$null | |
| MD5=$null | |
| SHA1=$null | |
| SHA256=$null | |
| Signed=$null | |
| IsOSBinary=$null | |
| Publisher=$null | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\SOFTWARE\\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}' | |
| Item='StubPath' | |
| Category='Logon' | |
| Value='/UserInstall' | |
| ImagePath='' | |
| Size=$null | |
| LastWriteTime=$null | |
| Version=$null | |
| MD5=$null | |
| SHA1=$null | |
| SHA256=$null | |
| Signed=$null | |
| IsOSBinary=$null | |
| Publisher=$null | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\SOFTWARE\\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}' | |
| Item='StubPath' | |
| Category='Logon' | |
| Value='U' | |
| ImagePath='' | |
| Size=$null | |
| LastWriteTime=$null | |
| Version=$null | |
| MD5=$null | |
| SHA1=$null | |
| SHA256=$null | |
| Signed=$null | |
| IsOSBinary=$null | |
| Publisher=$null | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKCU:\Software\\Microsoft\Windows\CurrentVersion\Run' | |
| Item='EpicGamesLauncher' | |
| Category='Logon' | |
| Value='"C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent' | |
| ImagePath='C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe' | |
| Size=[long]33092496 | |
| LastWriteTime=[datetime]637395902546270989 # 2020-10-29 17:44:14Z | |
| Version='' | |
| MD5='1976F94E64C4252948085BA70C1FC235' | |
| SHA1='9A083D2F11D4990F4869002B47F33F728060616C' | |
| SHA256='5E92C272BD57928CD4C78F45CD778CAA6243BD069228D63462D6B89B861EFB26' | |
| Signed=[bool]'True' | |
| Publisher='CN=Epic Games Inc., O=Epic Games Inc., L=Raleigh, S=North Carolina, C=US' | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' | |
| Item='Startup' | |
| Category='Logon' | |
| Value='%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' | |
| ImagePath='' | |
| Size=$null | |
| LastWriteTime=$null | |
| Version=$null | |
| MD5=$null | |
| SHA1=$null | |
| SHA256=$null | |
| Signed=$null | |
| IsOSBinary=$null | |
| Publisher=$null | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders' | |
| Item='Startup' | |
| Category='Logon' | |
| Value='C:\Users\Emin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' | |
| ImagePath='' | |
| Size=$null | |
| LastWriteTime=$null | |
| Version=$null | |
| MD5=$null | |
| SHA1=$null | |
| SHA256=$null | |
| Signed=$null | |
| IsOSBinary=$null | |
| Publisher=$null | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\System\CurrentControlSet\Services\AsIO' | |
| Item='ImagePath' | |
| Category='Drivers' | |
| Value='SysWow64\drivers\AsIO.sys' | |
| ImagePath='C:\WINDOWS\SysWow64\drivers\AsIO.sys' | |
| Size=[long]15232 | |
| LastWriteTime=[datetime]636499403080000000 # 2017-12-27 02:58:28Z | |
| Version=$null | |
| MD5='798DE15F187C1F013095BBBEB6FB6197' | |
| SHA1='92F251358B3FE86FD5E7AA9B17330AFA0D64A705' | |
| SHA256='436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7' | |
| Signed=[bool]'True' | |
| Publisher='CN=ASUSTeK Computer Inc., OU=Quality Testing Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ASUSTeK Computer Inc., L=Taipei / Peitou, S=Taiwan, C=TW' | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\System\CurrentControlSet\Services\AsUpIO' | |
| Item='ImagePath' | |
| Category='Drivers' | |
| Value='SysWow64\drivers\AsUpIO.sys' | |
| ImagePath='C:\WINDOWS\SysWow64\drivers\AsUpIO.sys' | |
| Size=[long]14464 | |
| LastWriteTime=[datetime]636251198780000000 # 2017-03-14 20:24:38Z | |
| Version=$null | |
| MD5='1392B92179B07B672720763D9B1028A5' | |
| SHA1='8B6AA5B2BFF44766EF7AFBE095966A71BC4183FA' | |
| SHA256='B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602' | |
| Signed=[bool]'True' | |
| Publisher='CN=ASUSTeK Computer Inc., OU=Quality Testing Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ASUSTeK Computer Inc., L=Taipei / Peitou, S=Taiwan, C=TW' | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\System\CurrentControlSet\Services\AsusUpdateCheck' | |
| Item='ImagePath' | |
| Category='Services' | |
| Value='C:\WINDOWS\System32\AsusUpdateCheck.exe' | |
| ImagePath='C:\WINDOWS\System32\AsusUpdateCheck.exe' | |
| Size=[long]1087736 | |
| LastWriteTime=[datetime]637399454371900172 # 2020-11-02 20:23:57Z | |
| Version=$null | |
| MD5='D57184AF48A5A46C822A4AE065FC0477' | |
| SHA1='4EB5DAEC89EBEE9DD741953CAB26D9479724B8CB' | |
| SHA256='C5F306367772D07806D978E8C0F99E007661CCCEA9E92668EC6B01A69640F1E2' | |
| Signed=[bool]'True' | |
| Publisher='CN=ASUSTeK Computer Inc., O=ASUSTeK Computer Inc., L=Taipei City, S=Taipei, C=TW' | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\System\CurrentControlSet\Services\BEService' | |
| Item='ImagePath' | |
| Category='Services' | |
| Value='"C:\Program Files (x86)\Common Files\BattlEye\BEService.exe"' | |
| ImagePath='C:\Program Files (x86)\Common Files\BattlEye\BEService.exe' | |
| Size=[long]8736880 | |
| LastWriteTime=[datetime]637388834289920460 # 2020-10-21 13:23:48Z | |
| Version=$null | |
| MD5='570F946AF4081C9837BD3E22234D332C' | |
| SHA1='C8884AC27F0BD787BF735E2BC41AD57F4755F1CC' | |
| SHA256='654CD0FA0FEFF856D1187E8D403796F1AD9CE8FE7B7AC40B11FEF412C78C126D' | |
| Signed=[bool]'True' | |
| Publisher='CN=BattlEye Innovations e.K., O=BattlEye Innovations e.K., L=Reutlingen, S=Baden-Württemberg, C=DE' | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\System\CurrentControlSet\Services\DTSAPO3Service' | |
| Item='ImagePath' | |
| Category='Services' | |
| Value='C:\WINDOWS\System32\DTS\PC\APO3x\DTSAPO3Service.exe' | |
| ImagePath='C:\WINDOWS\System32\DTS\PC\APO3x\DTSAPO3Service.exe' | |
| Size=[long]207840 | |
| LastWriteTime=[datetime]636658397000000000 # 2018-06-29 03:28:20Z | |
| Version=$null | |
| MD5='72A4531F2D04499527B481B9DB2CEBF5' | |
| SHA1='4324251B1C62C5BD144E44A03A9CF0D1FDBA076C' | |
| SHA256='0BB112234DEED6398419A05E8335197200B69495CD994A79159CDE30FA2F1435' | |
| Signed=[bool]'True' | |
| Publisher='CN=Microsoft Windows Hardware Compatibility Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\System\CurrentControlSet\Services\ibtsiva' | |
| Item='ImagePath' | |
| Category='Services' | |
| Value='C:\WINDOWS\system32\ibtsiva' | |
| ImagePath='C:\WINDOWS\system32\ibtsiva' | |
| Size=$null | |
| LastWriteTime=$null | |
| Version=$null | |
| MD5=$null | |
| SHA1=$null | |
| SHA256=$null | |
| Signed=$null | |
| IsOSBinary=$null | |
| Publisher=$null | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\System\CurrentControlSet\Services\MpKslf44fd7b4' | |
| Item='ImagePath' | |
| Category='Drivers' | |
| Value='\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F291B230-0A0A-4F6D-B004-BD76AFDC495E}\MpKslDrv.sys' | |
| ImagePath='C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F291B230-0A0A-4F6D-B004-BD76AFDC495E}\MpKslDrv.sys' | |
| Size=$null | |
| LastWriteTime=$null | |
| Version=$null | |
| MD5=$null | |
| SHA1=$null | |
| SHA256=$null | |
| Signed=$null | |
| IsOSBinary=$null | |
| Publisher=$null | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\System\CurrentControlSet\Services\Netwtw08' | |
| Item='ImagePath' | |
| Category='Drivers' | |
| Value='\SystemRoot\System32\drivers\Netwtw08.sys' | |
| ImagePath='C:\WINDOWS\System32\drivers\Netwtw08.sys' | |
| Size=[long]8851480 | |
| LastWriteTime=[datetime]636688977340000000 # 2018-08-03 12:55:34Z | |
| Version='' | |
| MD5='D73AD77D8D7E108298B6EF4533D69479' | |
| SHA1='4B05A4C53086163743BDC21977E818C06E8C9E03' | |
| SHA256='A71D9124811A5AF60DA505FC34475EF25C46B81A58084A27A1792BB35EFD1721' | |
| Signed=[bool]'True' | |
| Publisher='CN=Microsoft Windows Hardware Compatibility Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\System\CurrentControlSet\Services\NVDisplay.ContainerLocalSystem' | |
| Item='ImagePath' | |
| Category='Services' | |
| Value='"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 ' | |
| ImagePath='C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe' | |
| Size=[long]781680 | |
| LastWriteTime=[datetime]637056584811873954 # 2019-10-03 00:14:41Z | |
| Version='' | |
| MD5='8B5841A9FCC251272232C281CBB2D312' | |
| SHA1='9E577BA2F76567B9048B5C191F61C0C15EA77C80' | |
| SHA256='A35DA5CAB574F799C0A9F51CAE98B152993F7BB5BDB1669E8973547658D1843D' | |
| Signed=[bool]'True' | |
| Publisher='CN=NVIDIA Corporation, OU=IT-MIS, O=NVIDIA Corporation, L=Santa Clara, S=California, C=US' | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\System\CurrentControlSet\Services\NvTelemetryContainer' | |
| Item='ImagePath' | |
| Category='Services' | |
| Value='"C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r' | |
| ImagePath='C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe' | |
| Size=[long]790384 | |
| LastWriteTime=[datetime]636828051730000000 # 2019-01-11 12:06:13Z | |
| Version='' | |
| MD5='FA8017E0195172669AF1DF96DE4A49AF' | |
| SHA1='E85727B6FF84BE5D077DBEC35DFA94777C08418D' | |
| SHA256='045079E482011D575BDDE158C728DB93801E7D64DC9AA8C3BD05A85F75F34350' | |
| Signed=[bool]'True' | |
| Publisher='CN=NVIDIA Corporation, OU=IT-MIS, O=NVIDIA Corporation, L=Santa Clara, S=California, C=US' | |
| }, | |
| [PSCustomObject]@{ | |
| Path='HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers' | |
| Item='Adobe Type Manager' | |
| Category='Services' | |
| Value='atmfd.dll' | |
| ImagePath='C:\WINDOWS\System32\atmfd.dll' | |
| Size=$null | |
| LastWriteTime=$null | |
| Version=$null | |
| MD5=$null | |
| SHA1=$null | |
| SHA256=$null | |
| Signed=$null | |
| IsOSBinary=$null | |
| Publisher=$null | |
| }, | |
| [PSCustomObject]@{ | |
| Path='C:\WINDOWS\system32\Tasks\ASUS\Ez Update' | |
| Item='Ez Update' | |
| Category='Task' | |
| Value='C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe -onlytray' | |
| ImagePath='C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe' | |
| Size=[long]1466816 | |
| LastWriteTime=[datetime]636755095380000000 # 2018-10-19 01:32:18Z | |
| Version=$null | |
| MD5='5F1E4618C6CDDF47199AA832412EC561' | |
| SHA1='4C732D0114BBA2497F55B4DCD0D8E69F72A1E1BA' | |
| SHA256='679464A7EBB57C3ED67574D67B52A4847B635813958302C88EE8F766C682FECC' | |
| Signed=[bool]'True' | |
| Publisher='CN=ASUSTeK Computer Inc., O=ASUSTeK Computer Inc., L=Taipei City, S=Taipei, C=TW' | |
| } | |
| ) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment