I need some coffee

Author: w0rk3r

rules/windows/execution_suspicious_powershell_imgload.toml

@@ -92,7 +92,7 @@ host.os.type:windows and event.category:library and
     process.code_signature.trusted:true
   ) and
   not (
-    processs.executable: C\:\\Windows\\AdminArsenal\\PDQInventory-Scanner\\service-*\\exec\\PDQInventoryScanner.exe and
+    process.executable: C\:\\Windows\\AdminArsenal\\PDQInventory-Scanner\\service-*\\exec\\PDQInventoryScanner.exe and
     process.code_signature.subject_name:"PDQ.com Corporation" and
     process.code_signature.trusted:true
   ) and