Query Details
Smashjacker Appinit DL Lmodifcation
Query
DeviceProcessEvents | where ProcessVersionInfoFileDescription contains "Registry Console Tool" and ProcessCommandLine contains "AppInit_DLLs"
Explanation
This query is searching through device process events to find instances where:
- The description of the process includes the phrase "Registry Console Tool".
- The command line used to start the process includes the term "AppInit_DLLs".
In simple terms, it looks for processes related to the Registry Console Tool that were started with a command line containing "AppInit_DLLs".
Details
Ali Hussein
Released: March 20, 2024
Tables
DeviceProcessEvents
Keywords
DeviceProcessEvents
Operators
wherecontains