■■■■■ Interesting thread!
The Process CommandLine is just the process's own memory indicated by PEB->ProcessParameters->CommandLine->Buffer. Each process can freely change it, and easily fool all tools trying to read such a value. Why does anyone trust it?
https://twitter.com/0gtweet/status/1519651092639924224
https://t.me/cKure/11273
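
A defender-side check that follows from the point above, as an added example that is not part of the original post or thread: treat the command line read from a live process as untrusted and compare it with the value recorded when the process was created. It assumes a creation-time log exists; the `ProcRecord` type, the function names and all sample records are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ProcRecord:
    pid: int
    start_time: str          # creation time; tells a reused PID apart from the original
    cmdline: Optional[str]   # None = the value could not be read

def normalize(cmd: str) -> str:
    # Collapse whitespace runs so cosmetic differences between sources are ignored.
    return " ".join(cmd.split())

def find_cmdline_drift(creation_log, live_snapshot):
    """Compare each live process with its creation-time record; return (pid, reason) pairs."""
    logged = {(r.pid, r.start_time): r for r in creation_log}
    findings = []
    for live in live_snapshot:
        base = logged.get((live.pid, live.start_time))
        if base is None:
            # Unknown PID/start-time pair: PID reuse or a gap in logging.
            findings.append((live.pid, "no-creation-record"))
        elif live.cmdline is None or base.cmdline is None:
            findings.append((live.pid, "unreadable"))
        elif normalize(live.cmdline) != normalize(base.cmdline):
            # The process-owned buffer no longer says what was logged at start.
            findings.append((live.pid, "changed-after-start"))
    return findings

# Constructed sample data (assumption: one record per process creation).
T = "2024-01-01T10:00:00Z"
CREATION_LOG = [
    ProcRecord(4120, T, r"C:\Windows\System32\cmd.exe /c backup.cmd"),
    ProcRecord(5300, T, r"C:\Tools\agent.exe --config C:\Tools\agent.ini"),
    ProcRecord(6012, T, r"C:\Windows\System32\notepad.exe"),
    ProcRecord(7000, T, r"C:\Tools\sync.exe --once"),
]
LIVE_SNAPSHOT = [
    ProcRecord(4120, T, r"C:\Windows\System32\cmd.exe  /c  backup.cmd"),  # spacing only
    ProcRecord(5300, T, r"C:\Tools\agent.exe"),                           # differs
    ProcRecord(6012, "2024-01-01T11:30:00Z", r"C:\Tools\other.exe"),      # PID reused
    ProcRecord(7000, T, None),                                            # read failed
]

if __name__ == "__main__":
    for pid, reason in find_cmdline_drift(CREATION_LOG, LIVE_SNAPSHOT):
        print(pid, reason)
```

A mismatch is a lead for triage, not proof of tampering, and a match only shows the value has not changed since it was logged.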