sean.cavanaugh
10/31/2019, 5:12 PMprocesses
table returning incorrect data on 3.4.0.
with the conhost.exe_incorrect_path
query in the windows attack pack.
The query SELECT * FROM processes WHERE LOWER(name)='conhost.exe' AND LOWER(path)!='c:\\windows\\system32\\conhost.exe' AND path!='';
returned conhost.exe
for the name
field, but it returned C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
for the path
value with a cmdline
value for the chrome.exe
entry listed in path
.theopolis
10/31/2019, 5:35 PMsean.cavanaugh
10/31/2019, 7:03 PM