Thanks for your feedback.First off, very nice work and effort with this PS Scanner.
I do want to bring to attention something that might be helpful, or might not. The Mismatched Extension: Declared .gif, Actual .exe/.dll on my Windows 11 Home under downloads populated a ton of INACCURACIES as HIGH. And here is the why i think. I purposely have ALL my image file associations in Win 11 NOT MS DEFAULT PHOTO VIEW but instead use Irfanview. So it's my guess that ORION Script Heuristics currently is strictly hard wired to Windows own default program association in this discovery. By design i am sure, However you can be assured this is no problem with the script. Clicking on the tagged GIF's/PNG'S on my system in (DOWNLOADS FOLDER) activates the Irfanview EXE for display locally, which this ORION Script RIGHTLY DETERMINES as SUSP separated from Win 11 default image view to display those associated images.
Looking forward to further additions/improvements. No real bugs to pass along for assistance yet. Good Job!
Yes. 146Kb. Of note after Remediation File (JSON) found a blank file on desktop named 0. I have no idea. Zip PW of susp also returns Wrong Password every time for me. I hope others are trying this out to confirm or deny. I will redo again anew and see what pans out to be sure same or diff results.
I changed the password to “infected”, it is more standard. There is a user manual coming as well, it will be built in with the script. I will edit the thread soon with that and the user manual. I’ll investigate the blank file. It will all be fixed tomorrow probably. The network monitor will also appear.
Thanks @Trident that explains it. You been busy!
| Orion:SuspFile!MismatchExt | C:\Users\magic\Downloads\windows-update-feature-image.jpg | Mismatched Extension: Declared .jpg, Actual .exe/.dll |
The password is printed in the log, but it’s a good idea to add it to the report as well.
Total 'erfecto and positive implications there. Marvelous.
github.com
