Update Amnesiac.ps1

Leo4j · Dec 6, 2023 · 216ba3a · 216ba3a
1 parent 7befe2e
commit 216ba3a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Amnesiac.ps1 b/Amnesiac.ps1
@@ -4327,7 +4327,7 @@ function Get-Command {
 
 	elseif ($Command -eq "Process") {
 		$predefinedCommands = @(
-			'$isAdmin = ([System.Security.Principal.WindowsPrincipal][System.Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator);if($isAdmin){Write-Output "";Write-Output "[+] Processes sorted by ProcessName:";Get-Process -IncludeUserName | Select ID, ProcessName, SessionId, UserName, Path | Sort ProcessName | ft -Autosize | Out-String -Width 4096;Write-Output "[+] Processes sorted by Username:";Get-Process -IncludeUserName | Select ID, ProcessName, SessionId, UserName, Path | Sort UserName,ProcessName | ft -Autosize | Out-String -Width 4096;Write-Output "[+] Current Process:";Get-Process -IncludeUserName | Where-Object { $_.Id -eq $PID } | Select ID, ProcessName, SessionId, UserName, Path | Sort ID | Format-Table -AutoSize | Out-String -Width 4096}else{Write-Output "";Write-Output "[+] Processes sorted by PID:";Get-Process | Select ID, ProcessName, SessionId, Path | Sort ID | ft -Autosize | Out-String -Width 4096;Write-Output "[+] Current Process:";Get-Process | Where-Object { $_.Id -eq $PID } | Select ID, ProcessName, SessionId, Path | Format-Table -AutoSize | Out-String -Width 4096}#'
+			'$isAdmin = ([System.Security.Principal.WindowsPrincipal][System.Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator);$Isx64 = [System.Environment]::Is64BitProcess;if($isAdmin){Write-Output "";Write-Output "[+] Processes sorted by ProcessName:";Get-Process -IncludeUserName | Select ID, ProcessName, SessionId, UserName, Path | Sort ProcessName | ft -Autosize | Out-String -Width 4096;Write-Output "[+] Processes sorted by Username:";Get-Process -IncludeUserName | Select ID, ProcessName, SessionId, UserName, Path | Sort UserName,ProcessName | ft -Autosize | Out-String -Width 4096;if($Isx64){Write-Output "[+] Current Process [x64]:"}else{Write-Output "[+] Current Process [x86]:"};Get-Process -IncludeUserName | Where-Object { $_.Id -eq $PID } | Select ID, ProcessName, SessionId, UserName, Path | Sort ID | Format-Table -AutoSize | Out-String -Width 4096}else{Write-Output "";Write-Output "[+] Processes sorted by PID:";Get-Process | Select ID, ProcessName, SessionId, Path | Sort ID | ft -Autosize | Out-String -Width 4096;if($Isx64){Write-Output "[+] Current Process [x64]:"}else{Write-Output "[+] Current Process [x86]:"};Get-Process | Where-Object { $_.Id -eq $PID } | Select ID, ProcessName, SessionId, Path | Format-Table -AutoSize | Out-String -Width 4096}#'
 		)
 	}