[Informational] Suspicious process loads a known PowerShell module
[High] Office process loads a known PowerShell DLL - Modified Metadata
[Low] Possible DLL Search Order Hijacking
[Low] Possible DLL Search Order Hijacking - DLL downloaded from an uncommon source - Modified Metadata
[Low] Possible DLL Search Order Hijacking - DLL extracted from an internet-downloaded archive - Modified Metadata
[Low] Possible DLL Search Order Hijacking by DLL Substitution - Modified Metadata
[Informational] First-seen email from mailbox owner to external recipient's address in the last 30 days
[Informational] Local group enumeration
[Low -> Informational] Local group enumeration using a builtin Windows binary - Modified Metadata
[Informational] Unrecognized sender address