4688201331200x8020000000000000690764Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x2abec50xd60C:\Windows\System32\rundll32.exe%%19360xcfcrundll32.exe user32.dll,UpdatePerUserSystemParametersNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x8000000000000000129352Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-12 15:14:17.219{AE77D3C2-78C9-6578-8707-000000003203}3424C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXErundll32.exe user32.dll,UpdatePerUserSystemParametersC:\Temp\ATTACKRANGE\Administrator{AE77D3C2-6BC6-6578-C5BE-2A0000000000}0x2abec52HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{AE77D3C2-78C5-6578-7907-000000003203}3324C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Temp\1.bat" "ATTACKRANGE\Administrator