\n",
" \n",
" 0 | \n",
" da637111553314888493_-215032980 | \n",
" 2019-12-08T17:22:37.8742974Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" notepad.exe | \n",
" b6d237154f2e528f0b503b58b025862d66b02b73 | \n",
" | \n",
" | \n",
" 454 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 1 | \n",
" da637111470533220658_-1814166510 | \n",
" 2019-12-05T12:34:34.7864124Z | \n",
" 1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739 | \n",
" olaa-win10pro-1607 | \n",
" Informational | \n",
" Execution | \n",
" [Test Alert] Suspicious Powershell commandline | \n",
" powershell.exe | \n",
" 044a0cf1f6bc478a7172bf207eef1e201a18ba02 | \n",
" | \n",
" | \n",
" 4369 | \n",
" ProcessCreationEvents | \n",
"
\n",
" \n",
" 2 | \n",
" da637111470533220658_-1814166510 | \n",
" 2019-12-05T12:34:34.7864124Z | \n",
" 1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739 | \n",
" olaa-win10pro-1607 | \n",
" Informational | \n",
" Execution | \n",
" [Test Alert] Suspicious Powershell commandline | \n",
" cmd.exe | \n",
" 99ae9c73e9bee6f9c76d6f4093a9882df06832cf | \n",
" | \n",
" | \n",
" 4369 | \n",
" ProcessCreationEvents | \n",
"
\n",
" \n",
" 3 | \n",
" da637111448595540767_-885088719 | \n",
" 2019-12-05T12:11:25.5486226Z | \n",
" 499bdd5330f78dc82d0051c8d7a9eb9d69f88333 | \n",
" nestorw-win10pro-1803 | \n",
" Informational | \n",
" Execution | \n",
" [Test Alert] Suspicious Powershell commandline | \n",
" powershell.exe | \n",
" 1b3b40fbc889fd4c645cc12c85d0805ac36ba254 | \n",
" | \n",
" | \n",
" 14968 | \n",
" ProcessCreationEvents | \n",
"
\n",
" \n",
" 4 | \n",
" da637111448595540767_-885088719 | \n",
" 2019-12-05T12:11:25.5486226Z | \n",
" 499bdd5330f78dc82d0051c8d7a9eb9d69f88333 | \n",
" nestorw-win10pro-1803 | \n",
" Informational | \n",
" Execution | \n",
" [Test Alert] Suspicious Powershell commandline | \n",
" cmd.exe | \n",
" 3ce71813199abae99348f61f0caa34e2574f831c | \n",
" | \n",
" | \n",
" 14968 | \n",
" ProcessCreationEvents | \n",
"
\n",
" \n",
" 5 | \n",
" da637111835325717564_-1865655676 | \n",
" 2019-12-05T16:05:46.4778106Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" powershell.exe | \n",
" 36c5d12033b2eaf251bae61c00690ffb17fddc87 | \n",
" | \n",
" | \n",
" 2376 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 6 | \n",
" da637111835325717564_-1865655676 | \n",
" 2019-12-05T16:05:46.4778106Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" notepad.exe | \n",
" d487580502354c61808c7180d1a336beb7ad4624 | \n",
" | \n",
" | \n",
" 2376 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 7 | \n",
" da637111691253610692_623907060 | \n",
" 2019-12-05T16:50:16.9477916Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Informational | \n",
" Execution | \n",
" [Test Alert] Suspicious Powershell commandline | \n",
" powershell.exe | \n",
" 36c5d12033b2eaf251bae61c00690ffb17fddc87 | \n",
" | \n",
" | \n",
" 915 | \n",
" ProcessCreationEvents | \n",
"
\n",
" \n",
" 8 | \n",
" da637111691253610692_623907060 | \n",
" 2019-12-05T16:50:16.9477916Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Informational | \n",
" Execution | \n",
" [Test Alert] Suspicious Powershell commandline | \n",
" cmd.exe | \n",
" 8dca9749cd48d286950e7a9fa1088c937cbccad4 | \n",
" | \n",
" | \n",
" 915 | \n",
" ProcessCreationEvents | \n",
"
\n",
" \n",
" 9 | \n",
" da637111691236503999_-1316647445 | \n",
" 2019-12-05T16:56:18.6397738Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" RuntimeBroker.exe | \n",
" 7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27 | \n",
" | \n",
" | \n",
" 1190 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 10 | \n",
" da637111691236503999_-1316647445 | \n",
" 2019-12-05T16:56:18.6397738Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" RuntimeBroker.exe | \n",
" 7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27 | \n",
" | \n",
" | \n",
" 1190 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 11 | \n",
" da637111691236503999_-1316647445 | \n",
" 2019-12-05T16:56:18.6397738Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" RuntimeBroker.exe | \n",
" 7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27 | \n",
" | \n",
" | \n",
" 1190 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 12 | \n",
" da637111691236503999_-1316647445 | \n",
" 2019-12-05T16:56:18.6397738Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" WinATP-Intro-Backdoorgpj.exe | \n",
" 79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc | \n",
" | \n",
" | \n",
" 1190 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 13 | \n",
" da637111691251815824_2024877765 | \n",
" 2019-12-05T16:56:18.6407635Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" Persistence | \n",
" Anomaly detected in ASEP registry | \n",
" WinATP-Intro-Backdoorgpj.exe | \n",
" 79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc | \n",
" | \n",
" | \n",
" 1187 | \n",
" RegistryEvents | \n",
"
\n",
" \n",
" 14 | \n",
" da637111691256543941_-1462732472 | \n",
" 2019-12-05T16:56:18.6407635Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" Persistence | \n",
" An uncommon file was created and added to a Ru... | \n",
" WinATP-Intro-Backdoorgpj.exe | \n",
" 79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc | \n",
" | \n",
" | \n",
" 1187 | \n",
" RegistryEvents | \n",
"
\n",
" \n",
" 15 | \n",
" da637111691246094719_-1324223004 | \n",
" 2019-12-05T16:56:18.6685765Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Informational | \n",
" Execution | \n",
" EAF violation blocked by exploit protection | \n",
" RuntimeBroker.exe | \n",
" 7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27 | \n",
" | \n",
" | \n",
" 1191 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 16 | \n",
" da637111618734194967_-707278866 | \n",
" 2019-12-05T16:56:18.8702258Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Low | \n",
" Malware | \n",
" An active 'Artoelo' malware was detected | \n",
" WinATP-Intro-Backdoorgpj.exe | \n",
" | \n",
" | \n",
" | \n",
" 1200 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 17 | \n",
" da637111691251004475_-451474344 | \n",
" 2019-12-05T16:56:19.0725178Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Informational | \n",
" Malware | \n",
" 'Artoelo' malware was detected | \n",
" WinATP-Intro-Backdoorgpj.exe | \n",
" 79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc | \n",
" | \n",
" | \n",
" 1194 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 18 | \n",
" da637111691511319089_701653122 | \n",
" 2019-12-05T17:01:20.0899859Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" SuspiciousActivity | \n",
" A suspicious file was observed | \n",
" powershell.exe | \n",
" 36c5d12033b2eaf251bae61c00690ffb17fddc87 | \n",
" | \n",
" | \n",
" 1449 | \n",
" FileCreationEvents | \n",
"
\n",
" \n",
" 19 | \n",
" da637111691521375847_1538423732 | \n",
" 2019-12-05T17:01:20.0899859Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" Execution | \n",
" Suspicious behavior by cmd.exe was observed | \n",
" powershell.exe | \n",
" 36c5d12033b2eaf251bae61c00690ffb17fddc87 | \n",
" | \n",
" | \n",
" 1449 | \n",
" FileCreationEvents | \n",
"
\n",
" \n",
" 20 | \n",
" da637111691521375847_1538423732 | \n",
" 2019-12-05T17:12:41.4195893Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" Execution | \n",
" Suspicious behavior by cmd.exe was observed | \n",
" WindowsDefenderAtpProvisioningService.exe | \n",
" 2f5a566429f0df02dd0dfb45be075531f332a887 | \n",
" | \n",
" | \n",
" 1960 | \n",
" FileCreationEvents | \n",
"
\n",
" \n",
" 21 | \n",
" da637111691511319089_701653122 | \n",
" 2019-12-05T17:12:41.4195893Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" SuspiciousActivity | \n",
" A suspicious file was observed | \n",
" WindowsDefenderAtpProvisioningService.exe | \n",
" 2f5a566429f0df02dd0dfb45be075531f332a887 | \n",
" | \n",
" | \n",
" 1960 | \n",
" FileCreationEvents | \n",
"
\n",
" \n",
" 22 | \n",
" da637111691521375847_1538423732 | \n",
" 2019-12-05T17:12:41.4195893Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" Execution | \n",
" Suspicious behavior by cmd.exe was observed | \n",
" cmd.exe | \n",
" | \n",
" | \n",
" | \n",
" 1960 | \n",
" FileCreationEvents | \n",
"
\n",
" \n",
" 23 | \n",
" da637111691236503999_-1316647445 | \n",
" 2019-12-05T17:12:43.2754844Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" WinATP-Intro-Backdoorgpj.exe | \n",
" 79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc | \n",
" | \n",
" | \n",
" 1972 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 24 | \n",
" da637111691236503999_-1316647445 | \n",
" 2019-12-05T17:12:43.2754844Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" RuntimeBroker.exe | \n",
" 7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27 | \n",
" | \n",
" | \n",
" 1972 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 25 | \n",
" da637111691236503999_-1316647445 | \n",
" 2019-12-05T17:12:43.2754844Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" RuntimeBroker.exe | \n",
" 7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27 | \n",
" | \n",
" | \n",
" 1972 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 26 | \n",
" da637111691236503999_-1316647445 | \n",
" 2019-12-05T17:12:43.2754844Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" RuntimeBroker.exe | \n",
" 7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27 | \n",
" | \n",
" | \n",
" 1972 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 27 | \n",
" da637111691236503999_-1316647445 | \n",
" 2019-12-05T17:12:43.2754844Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" RuntimeBroker.exe | \n",
" 7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27 | \n",
" | \n",
" | \n",
" 1972 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 28 | \n",
" da637111691236503999_-1316647445 | \n",
" 2019-12-05T17:12:43.2754844Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" WinATP-Intro-Backdoorgpj.exe | \n",
" 79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc | \n",
" | \n",
" | \n",
" 1972 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 29 | \n",
" da637111691251815824_2024877765 | \n",
" 2019-12-05T17:12:43.2822557Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" Persistence | \n",
" Anomaly detected in ASEP registry | \n",
" WinATP-Intro-Backdoorgpj.exe | \n",
" 79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc | \n",
" | \n",
" | \n",
" 1970 | \n",
" RegistryEvents | \n",
"
\n",
" \n",
" 30 | \n",
" da637111691256543941_-1462732472 | \n",
" 2019-12-05T17:12:43.2822557Z | \n",
" be333ec5312b6aaf4936cc33784577857108bc3a | \n",
" arifb-win10edun-1903 | \n",
" Medium | \n",
" Persistence | \n",
" An uncommon file was created and added to a Ru... | \n",
" WinATP-Intro-Backdoorgpj.exe | \n",
" 79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc | \n",
" | \n",
" | \n",
" 1970 | \n",
" RegistryEvents | \n",
"
\n",
" \n",
" 31 | \n",
" da637111536085551266_1012263407 | \n",
" 2019-12-05T14:38:34.3208724Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Informational | \n",
" Execution | \n",
" [Test Alert] Suspicious Powershell commandline | \n",
" powershell.exe | \n",
" 6cbce4a295c163791b60fc23d285e6d84f28ee4c | \n",
" | \n",
" | \n",
" 45 | \n",
" ProcessCreationEvents | \n",
"
\n",
" \n",
" 32 | \n",
" da637111536085551266_1012263407 | \n",
" 2019-12-05T14:38:34.3208724Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Informational | \n",
" Execution | \n",
" [Test Alert] Suspicious Powershell commandline | \n",
" cmd.exe | \n",
" 8c5437cd76a89ec983e3b364e219944da3dab464 | \n",
" | \n",
" | \n",
" 45 | \n",
" ProcessCreationEvents | \n",
"
\n",
" \n",
" 33 | \n",
" da637111553314888493_-215032980 | \n",
" 2019-12-05T15:06:20.3372768Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" powershell.exe | \n",
" 6cbce4a295c163791b60fc23d285e6d84f28ee4c | \n",
" | \n",
" | \n",
" 256 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 34 | \n",
" da637111553314888493_-215032980 | \n",
" 2019-12-05T15:06:20.3372768Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" notepad.exe | \n",
" b6d237154f2e528f0b503b58b025862d66b02b73 | \n",
" | \n",
" | \n",
" 256 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 35 | \n",
" da637111553314888493_-215032980 | \n",
" 2019-12-05T15:22:44.3072402Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" powershell.exe | \n",
" 6cbce4a295c163791b60fc23d285e6d84f28ee4c | \n",
" | \n",
" | \n",
" 368 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 36 | \n",
" da637111553314888493_-215032980 | \n",
" 2019-12-05T15:22:44.3072402Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" notepad.exe | \n",
" b6d237154f2e528f0b503b58b025862d66b02b73 | \n",
" | \n",
" | \n",
" 368 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 37 | \n",
" da637111553314888493_-215032980 | \n",
" 2019-12-05T16:02:02.3857966Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" powershell.exe | \n",
" 6cbce4a295c163791b60fc23d285e6d84f28ee4c | \n",
" | \n",
" | \n",
" 162 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 38 | \n",
" da637111553314888493_-215032980 | \n",
" 2019-12-05T16:02:02.3857966Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" notepad.exe | \n",
" b6d237154f2e528f0b503b58b025862d66b02b73 | \n",
" | \n",
" | \n",
" 162 | \n",
" MiscEvents | \n",
"
\n",
" \n",
" 39 | \n",
" da637111536085551266_1012263407 | \n",
" 2019-12-08T15:59:28.1181531Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Informational | \n",
" Execution | \n",
" [Test Alert] Suspicious Powershell commandline | \n",
" cmd.exe | \n",
" 8c5437cd76a89ec983e3b364e219944da3dab464 | \n",
" | \n",
" | \n",
" 130 | \n",
" ProcessCreationEvents | \n",
"
\n",
" \n",
" 40 | \n",
" da637111536085551266_1012263407 | \n",
" 2019-12-08T15:59:28.1181531Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Informational | \n",
" Execution | \n",
" [Test Alert] Suspicious Powershell commandline | \n",
" powershell.exe | \n",
" 6cbce4a295c163791b60fc23d285e6d84f28ee4c | \n",
" | \n",
" | \n",
" 130 | \n",
" ProcessCreationEvents | \n",
"
\n",
" \n",
" 41 | \n",
" da637111536085551266_1012263407 | \n",
" 2019-12-08T17:11:14.931633Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Informational | \n",
" Execution | \n",
" [Test Alert] Suspicious Powershell commandline | \n",
" cmd.exe | \n",
" 8c5437cd76a89ec983e3b364e219944da3dab464 | \n",
" | \n",
" | \n",
" 137 | \n",
" ProcessCreationEvents | \n",
"
\n",
" \n",
" 42 | \n",
" da637111536085551266_1012263407 | \n",
" 2019-12-08T17:11:14.931633Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Informational | \n",
" Execution | \n",
" [Test Alert] Suspicious Powershell commandline | \n",
" powershell.exe | \n",
" 6cbce4a295c163791b60fc23d285e6d84f28ee4c | \n",
" | \n",
" | \n",
" 137 | \n",
" ProcessCreationEvents | \n",
"
\n",
" \n",
" 43 | \n",
" da637111553314888493_-215032980 | \n",
" 2019-12-08T17:22:37.8742974Z | \n",
" f17cf15efe963a9810a0ad1c1842db543bba8775 | \n",
" pradeepg-win10entn-1809 | \n",
" Medium | \n",
" DefenseEvasion | \n",
" Suspicious process injection observed | \n",
" powershell.exe | \n",
" 6cbce4a295c163791b60fc23d285e6d84f28ee4c | \n",
" | \n",
" | \n",
" 454 | \n",
" MiscEvents | \n",
"
\n",
" \n",
"