Hi Guys,
So, I’m trying to write an analysis that will present me with the full name of what I’m looking for, as well as the version and also the architecture of it.
So: finding the name, right?
Q: names of keys whose (value "DisplayName" of it as string as lowercase starts with "cylance") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of x64 registry
But this is giving me the name of the key, and as we know, all I’m getting is the GUID.
So I thought:
q: value "DisplayName" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of x64 registry as string as lowercase starts with "cylance"
E: Singular expression refers to nonexistent object.
So that didn’t work.
OK, so I know what I’m looking to do is something like this, but from the registry, right?
Q: (if (exists version of it) then (version of it as string) else ("F")) of files of windows folder
To something like this:
Q: (if (value "DisplayName" of it as string as lowercase starts with "cylance") then (value "DisplayName" of it as string as lowercase starts with "cylance" & " - " & value "DisplayVersion" of it as string as lowercase starts with "cylance) else ("No AV detected")) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of x64 registry
I know I’m all over the place, but it is mostly because I want to be able to construct these relevance queries by myself, not to have you guys write them for me. Though you guys are super kind and end up doing it.