Credential Access - Comsvc Minidump

I believe the confusion with the attached alert is similar to what happened with a previous Topic I posted, where the child process happened after launch of the parent process, but they aren’t actually related to each other.

In the alert below, the hostname REMOTEPC1, in the RunDll32 command, has not existed for a couple months.
The .dmp file is from a custom internally developed application.

The user acknowledged that they routinely assist the user of REMOTEPC1 and routinely remove the .dmp files. The remote user PC used to be called REMOTEPC1 but has been renamed to REMOTEPC2.

What I don’t understand is why this alert was triggered. It seems like a false positive, but I like to try to have some evidence to prove that before I move on.

"hostname": "DESKTOPPC1",
  "dns_domain": "mydomain.local",
  "os_type": "WINDOWS",
  "r7_hostid": "de49b3901c018...",
  "process": {
    "start_time": "2022-05-28T10:06:43.258Z",
    "name": "rundll32.exe",
    "pid": 10860,
    "r7_id": "ae0f5a3ce8eff835ba7261be5...",
    "exe_path": "C:\\Windows\\System32\\rundll32.exe",
    "cmd_line": "rundll32.exe C:\\WINDOWS\\system32\\davclnt.dll,DavSetCookie REMOTEPC1 http://remotepc1/c%%24/Program%%20Files%%20(x86)/CustomDirectory/Application1/_minidump.dmp",
    "username": "NT AUTHORITY\\SYSTEM",
    "session": 0,
    "exe_file": {
      "owner": "NT SERVICE\\TrustedInstaller",
      "orig_filename": "RUNDLL32.EXE",
      "description": "Windows host process (Rundll32)",
      "product_name": "Microsoft® Windows® Operating System",
      "version": "10.0.19041.746 (WinBuild.160101.0800)",
      "created": "2022-01-20T20:23:47.850Z",
      "last_modified": "2022-01-20T20:23:47.850Z",
      "size": 71680,
      "internal_name": "rundll",
      "hashes": {
        "md5": "ef3179d498793bf4234f708d3be28633",
        "sha256": "b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa",
        "sha1": "dd399ae46303343f9f0da189aee11c67bd868222"
      "signing_status": "UNSIGNED"
    "hash_reputation": {
      "reputation": "Known",
      "threat_level": "None",
      "reliability": "Very High",
      "first_analyzed_time": "2021-01-13T05:51:18.000Z",
      "engine_count": 25,
      "engine_match": 0,
      "engine_percent": 0
  "parent_process": {
    "start_time": "2022-05-27T14:10:20.694Z",
    "name": "svchost.exe",
    "pid": 6952,
    "ppid": 744,
    "r7_id": "229c8b49853aebf4b011aa3b57b...",
    "exe_path": "C:\\Windows\\System32\\svchost.exe",
    "cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalService -p -s WebClient",
    "username": "NT AUTHORITY\\LOCAL SERVICE",
    "session": 0,
    "exe_file": {
      "owner": "NT SERVICE\\TrustedInstaller",
      "orig_filename": "svchost.exe",
      "description": "Host Process for Windows Services",
      "product_name": "Microsoft® Windows® Operating System",
      "version": "10.0.19041.1566 (WinBuild.160101.0800)",
      "created": "2022-03-22T05:11:07.673Z",
      "last_modified": "2022-03-22T05:11:07.677Z",
      "size": 59952,
      "internal_name": "svchost.exe",
      "hashes": {
        "md5": "cd10cb894be2128fca0bf0e2b0c27c16",
        "sha256": "f3feb95e7bcfb0766a694d93fca29eda7e2ca977c2395b4be75242814eb6d881",
        "sha1": "1f912d4bec338ef10b7c9f19976286f8acc4eb97"
      "signing_status": "SIGNED_VALID",
      "signing_chain": [
          svchost.exe signing info and environmental variables
  "endpoint_id": "de49b3901c0...",
  "endpoint_vendor": "Rapid7",
  "r7_context": {
    "asset": {
      "rrn": "rrn:uba:us:...1e7-454b-...",
      "name": "DESKTOPPC1"