From 9e3fdb539e3fb1042df40096dbeef76904422ffa Mon Sep 17 00:00:00 2001
From: Yanai Lipshitz <33809628+Yanaili@users.noreply.github.com>
Date: Mon, 8 Jul 2019 16:15:41 +0300
Subject: [PATCH] Update appinit.py

Regkey's regex fix.
---
 modules/signatures/windows/appinit.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/signatures/windows/appinit.py b/modules/signatures/windows/appinit.py
index df2f6e144..7fc7138ba 100644
--- a/modules/signatures/windows/appinit.py
+++ b/modules/signatures/windows/appinit.py
@@ -14,7 +14,7 @@ class InstallsAppInit(Signature):
     ttp = ["T1103"]
 
     regkeys_re = [
-        ".*\\\\SOFTWARE\\\\Microsoft\\\\Windows\\ NT\\\\CurrentVersion\\\\Windows\\\\Appinit_Dlls",
+         ".*\\\\SOFTWARE\\\\(Wow6432Node\\\\)?Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Appinit_Dlls",
     ]
 
     def on_complete(self):