Description
Starts capturing keystrokes.
Overview
Get basic information about the current process including:
- Commandline arguments
- Process Integrity Level
- Process Id
- Parent Process Id
- Name
- Full path to the executable
- Username and domain name (if applicable)
- Bitness (either x86 or x64)
Dependencies
- Common
Operating Systems
- Windows
Example Text
CommandLine : "C:\Users\helpdesk\Desktop\Workspace\repos\SpecterInsight\src\Release\implants\e060ed549dcf469ab02bc8bfa318877e\x64\WinNativeExe.exe"
IntegrityLevel : Medium
PID : 16260
PPID : 4140
Name : WinNativeExe.exe
Path : C:\Users\helpdesk\Desktop\Workspace\repos\SpecterInsight\src\Release\implants\e060ed549dcf469ab02bc8bfa318877e\x64\WinNativeExe.exe
Username : DESKTOP-LMCH70V\helpdesk
Bitness : x64
Example Json
{
"CommandLine": "C:\\Users\\helpdesk\\Desktop\\Workspace\\repos\\SpecterInsight\\src\\Release\\implants\\e060ed549dcf469ab02bc8bfa318877e\\x64\\WinNativeExe.exe",
"IntegrityLevel": "Medium",
"PID": 16260,
"PPID": 4140,
"Name": "WinNativeExe.exe",
"Path": "C:\\Users\\helpdesk\\Desktop\\Workspace\\repos\\SpecterInsight\\src\\Release\\implants\\e060ed549dcf469ab02bc8bfa318877e\\x64\\WinNativeExe.exe",
"Username": "DESKTOP-LMCH70V\\helpdesk",
"Bitness": "x64"
}