154100x8000000000000000123456Microsoft-Windows-Sysmon/OperationalDESKTOP-ABC123.contoso.local-2023-05-15 14:32:45.123{a1b2c3d4-e5f6-7890-1234-567890abcdef}4567C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\AI_STUBS\AiStubX64Elevated.exe20.2.1.2PopupWrapperAdvanced InstallerCaphyonpopupwrapper.exe"C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\AI_STUBS\AiStubX64Elevated.exe" -appid MaliciousApp -appdir "C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\"C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\DESKTOP-ABC123\User{a1b2c3d4-e5f6-7890-1234-abcdef123456}0x123451MediumSHA1=1A2B3C4D5E6F7A8B9C0D1E2F3A4B5C6D7E8F9A0B,MD5=1A2B3C4D5E6F7A8B9C0D1E2F3A4B5C6D,SHA256=1A2B3C4D5E6F7A8B9C0D1E2F3A4B5C6D7E8F9A0B1C2D3E4F5A6B7C8D9E0F1A2B{a1b2c3d4-e5f6-7890-1234-fedcba098765}1234C:\Windows\explorer.exeC:\Windows\Explorer.EXEDESKTOP-ABC123\User 154100x8000000000000000123457Microsoft-Windows-Sysmon/OperationalDESKTOP-ABC123.contoso.local-2023-05-15 14:33:12.456{a1b2c3d4-e5f6-7890-1234-567890abcdef}4568C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\AI_STUBS\AiStubX86.exe20.2.1.2PopupWrapperAdvanced InstallerCaphyonpopupwrapper.exe"C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\AI_STUBS\AiStubX86.exe" -appid MaliciousApp -appdir "C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\"C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\DESKTOP-ABC123\User{a1b2c3d4-e5f6-7890-1234-abcdef123456}0x123451MediumSHA1=2A3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D8E9F0A1B,MD5=2A3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D,SHA256=2A3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D8E9F0A1B2C3D4E5F6A7B8C9D0E1F2A3B{a1b2c3d4-e5f6-7890-1234-fedcba098765}1234C:\Windows\explorer.exeC:\Windows\Explorer.EXEDESKTOP-ABC123\User 154100x8000000000000000123458Microsoft-Windows-Sysmon/OperationalDESKTOP-DEF456.contoso.local-2023-05-15 14:34:23.789{d4e5f6a7-b8c9-0123-4567-89abcdef0123}5678C:\Program Files\WindowsApps\FakeInstaller_2.0.0.0_x86__zyxwvutsrqpon\AI_STUBS\AiStubX86Elevated.exe20.2.1.2PopupWrapperAdvanced InstallerCaphyonpopupwrapper.exe"C:\Program Files\WindowsApps\FakeInstaller_2.0.0.0_x86__zyxwvutsrqpon\AI_STUBS\AiStubX86Elevated.exe" -appid FakeInstaller -appdir "C:\Program Files\WindowsApps\FakeInstaller_2.0.0.0_x86__zyxwvutsrqpon\"C:\Program Files\WindowsApps\FakeInstaller_2.0.0.0_x86__zyxwvutsrqpon\DESKTOP-DEF456\Admin{d4e5f6a7-b8c9-0123-4567-89abcdef0123}0x678901MediumSHA1=3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D8E9F0A1B2C,MD5=3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D8E,SHA256=3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D8E9F0A1B2C3D4E5F6A7B8C9D0E1F2A3B4C{d4e5f6a7-b8c9-0123-4567-89abcdef4567}2345C:\Windows\explorer.exeC:\Windows\Explorer.EXEDESKTOP-DEF456\Admin