#general

Grant

11/13/2020, 3:48 AM
I do not see it spawning a conhost.exe if I unzip the MSI and use osqueryi.exe (as a service) instead of osqueryd.exe. In this case I see only two osquery processes, which is what I would expect.

alessandrogario

11/13/2020, 1:19 PM
It should be a Windows executable; it should be possible, from the Task Manager/Details window, to select "Open file location"
1:19 PM
It should be possible to inspect the Authenticode signature from the properties, and verify that it's a legit binary