Trojan

A Windows 10 workstation (DESKTOP-38NVPD0) was compromised through user execution of malicious
software masquerading as a legitimate data recovery tool. The malware was downloaded from a compromised
website, established C2 communications, and downloaded a secondary payload. The investigation was
conducted using memory forensics (Volatility 3), disk forensics (FTK Imager), and prefetch analysis
(PECmd.exe).


By