Dllinjector.ini -

TargetProcess=svchost.exe

However, a skilled attacker will rename the file. So, don't just search for the filename. Hunt for the behavior . Dllinjector.ini

Next time you see a lone .ini file in a temp folder, don't ignore it. Open it up. You might just find a map leading straight to the attacker’s next move. Stay safe. Stay skeptical of running processes. TargetProcess=svchost

Let’s break down what this file is, how attackers use it, and what it looks like to a defender. The name is a dead giveaway. dllinjector.ini is a configuration file for a DLL injection tool . how attackers use it