Update detect-suspicious-mshta-usage.md

Author: tali-ash

Execution/detect-suspicious-mshta-usage.md

@@ -12,8 +12,8 @@ The following query detects when mshta.exe has been run, which might include ill
 
 ```Kusto
 // mshta.exe script launching processes
-ProcessCreationEvents
-| where EventTime > ago(7d)
+DeviceProcessEvents 
+| where Timestamp > ago(7d)
 and InitiatingProcessFileName =~ 'mshta.exe'
 and InitiatingProcessCommandLine contains '<script>'
 ```
@@ -42,4 +42,4 @@ This query can be used to detect the following attack techniques and tactics ([s
 
 ## Contributor info
 
-**Contributor:** Microsoft Threat Protection team
+**Contributor:** Microsoft Threat Protection team