Qakbot campaign process injection query is not correct

[ionsor]

I would like to bring to your attention that the Process injection by Qakbot malware is misleading since the query is actually for the cookie and browsing history theft of the same malware family. I checked with the report "Qakbot blight lingers, seeds ransomware" and did a pull request #429 for the correction needed.

The query DeviceProcessEvents | where FileName == "esentutl.exe" | where ProcessCommandLine has "WebCache" | where ProcessCommandLine has_any ("V01", "/s", "/d") | project ProcessCommandLine, InitiatingProcessParentFileName, DeviceId, Timestamp

is corresponding to cookie and browsing history theft and should have it's separate file.