Description
Get detailed information about the current process, such as the full path to the executable, command-line arguments, integrity level, and bitness.
Overview
Get basic information about the current process including:
- Command-line arguments
- Process Integrity Level
- Process ID
- Parent Process ID
- Name
- Full path to the executable
- Username and domain name (if applicable)
- Bitness (either x86 or x64)
Dependencies
- Common
Operating Systems
- Windows
Example Text
CommandLine : "C:\Users\helpdesk\Desktop\Workspace\repos\SpecterInsight\src\Release\implants\e060ed549dcf469ab02bc8bfa318877e\x64\WinNativeExe.exe"
IntegrityLevel : Medium
PID : 16260
PPID : 4140
Name : WinNativeExe.exe
Path : C:\Users\helpdesk\Desktop\Workspace\repos\SpecterInsight\src\Release\implants\e060ed549dcf469ab02bc8bfa318877e\x64\WinNativeExe.exe
Username : DESKTOP-LMCH70V\helpdesk
Bitness : x64
Example JSON
{
  "CommandLine": "C:\\Users\\helpdesk\\Desktop\\Workspace\\repos\\SpecterInsight\\src\\Release\\implants\\e060ed549dcf469ab02bc8bfa318877e\\x64\\WinNativeExe.exe",
  "IntegrityLevel": "Medium",
  "PID": 16260,
  "PPID": 4140,
  "Name": "WinNativeExe.exe",
  "Path": "C:\\Users\\helpdesk\\Desktop\\Workspace\\repos\\SpecterInsight\\src\\Release\\implants\\e060ed549dcf469ab02bc8bfa318877e\\x64\\WinNativeExe.exe",
  "Username": "DESKTOP-LMCH70V\\helpdesk",
  "Bitness": "x64"
}
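For analysts who only have the text form in a log or report, the following added example (not part of SpecterInsight or of the original page) parses the "Key : Value" layout shown above into a record typed like the JSON form. It assumes one field per line and that PID and PPID are the only numeric fields, as in the JSON example; the sample input, function name and constants are constructed for illustration.

```python
import json

# Assumption: fields the page's JSON example renders as numbers, not strings.
INT_FIELDS = {"PID", "PPID"}

# Constructed sample in the page's text layout (placeholder paths and names).
SAMPLE_TEXT = r'''
CommandLine : "C:\Temp\example\x64\sample.exe" --flag a : b
IntegrityLevel : Medium
PID : 16260
PPID : 4140
Name : sample.exe
Path : C:\Temp\example\x64\sample.exe
Username : EXAMPLE-HOST\analyst
Bitness : x64
'''


def parse_process_info(text):
    """Parse 'Key : Value' lines into a dict typed like the JSON form."""
    record = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Split on the FIRST " : " only: Windows paths (C:\...) and command
        # lines carry colons of their own and must stay inside the value.
        key, sep, value = line.partition(" : ")
        if not sep:
            # Tolerate an empty value such as "Username :" (no domain/user).
            if not line.endswith(" :"):
                raise ValueError(f"not a 'Key : Value' line: {line!r}")
            key, value = line[:-2], ""
        key, value = key.strip(), value.strip()
        if key in record:
            raise ValueError(f"duplicate field: {key}")
        # int() raises ValueError if a numeric field is malformed.
        record[key] = int(value) if key in INT_FIELDS else value
    return record


if __name__ == "__main__":
    # json.dumps escapes the backslashes, matching the JSON layout above.
    print(json.dumps(parse_process_info(SAMPLE_TEXT), indent=2))
```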