Blog | G5 Cyber Security

Learning PowerShell: some basic commands

The first PowerShell script I wrote was a quick fix to remove certificates from the Untrusted registry key after a Vonteera infection. The problem I have been faced with is finding the hexadecimal values that were the registry keys of the certificates. I have had to take registry snapshots before and after the infection to find out which ones were added. To compare the new set of certificates with an older snapshot, I have changed the previous command a little bit, for practical reasons.

Source: https://blog.malwarebytes.com/101/2017/08/learning-powershell-some-basic-commands/
