drop 4688 evtx csv or file listing · flag executables mimicking windows binaries from wrong paths · svchost from downloads · csv export · runs locally
input
drop 4688 csv or path listing
or click
wrong-path · typosquat · homoglyph · double extension · fake system32 · trailing space
drop 4688 evtx csv or file listing with executable paths
optional path list