Report #11045 check_circle

  • Creation Date: Sept. 4, 2020, 4:50 p.m.
  • Last Update: Sept. 4, 2020, 4:55 p.m.
  • File: Dropper_002_xor.exe
  • Results:
Binary
DLL
False cancel
Size
819.50KB
trid
82.0% Win64 Executable
6.0% OS/2 Executable
5.9% Generic Win/DOS Executable
5.9% DOS Executable Generic
type
PE
wordsize
64
Subsystem
Windows CLI
Hashes
md5
69ab751929c23c4d85c774a3efd8ba2e
sha1
729440e7e55e6836bc19fe29367ad25f945fdfed
crc32
0xcce0a567
sha224
5712b96c404ff96464765a68230f8f057a2f5dc0525d04ed9abf3558
sha256
75f118618689fa9f2aa86f07d9c1d55f03b50d72742ed1e6f98ac61c92d75fbd
sha384
9c778cf27274d1ac14a9cec52f2b055a3b9c0cf2ece1c49c177ec46d79cdda8d6fa2e9eefca7e1b2c35d2e14ad445a51
sha512
94fd480f28614eec3a3d7584b7644b7c4c3fe70ca408365b180060144eb62b589e4eb3f60c7458cf70689bbdf369675fd38b7aecd219d908f31620a72eb49a25
ssdeep
12288:m9RdxmLWuzpNSDBw0ihV+uzBjs7QvATE3pxPZSu+l8Y:m9zxmLsVgV+q47eATE3pxPZS/l
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
domain, contentis_base64, anti_dbg, IsPE64, Obfuscated_Strings, win_registry, HasDebugData, IsConsole, Microsoft_Visual_Cpp_80_DLL, HasRichSignature, Big_Numbers1, Big_Numbers0

Suspicious
True check_circle

Strings
List
C:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\x64\Release\Dropper.pdb
G8.ir
COMCTL32.dll
MSVCR110.dll
WINMM.dll
UxTheme.dll
proc.exe
proc.exe
{r5,er5pdr5
5%5%5%5%5!5!5%5'4%5%5%5!5'4%5%5%5%5%54444444444444444444444444444444444444444444444%544444444444444747474747474747474747474747474747474747474747474%57474747474747474445555
5=5%5%5%5%5%5%5%5%5%5'4%5%5
1619%%=(=*6=55555X5\5[5^5P5G5[5P5Y5i5V5G5A5F5i5@5V5G5A5i5F5G5V5i5T5E5E5V5G5A5i5A5G5T5[5i5\5
564>4;%5m255E055555%f555%555E2555u55%5557553555555535555555558551555555655
p%e]E|}5_5_5_5_5
H%5AB_5_`
47474747474747474747474747474747474747474%5%5%5%5
H%5A<
H%5A$
H%5A)
H%5A<
H%5A<
H%5A<
H%5A<
H%5A!
H%5A<
H%5A<
H%5A:
H%5A<
H%5A<
H%5A<
H%5A<
H%5A<
H%5A<
H%5A:
O%5A<
H%5A&
H%5A:
H%5A>
H%5A<
H%5A>
H%5A$
H%5A!
H%5A:
H%5A:
H%5A&
H%5A<
H%5A:
H%5A&
H%4A]
H%5A>
H%5A<
H%5A>
H%5A>
H%5A<
H%5A<
H%5A<
H%5A$
H%5A!
H%5A<
H%5A&
%e755
O%5A9
H%5A9
H%5A9
H%5A9
H%5A2
H%5A8
H%5A9
H%5A9
H%5A9
%Er5h
H%5A9
H%5A9
O%5A9
O%5A9
O%5A9
H%5A9
H%5Au
H%5A9
H%5A3
~yx{zedgfa`cbmlo55555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555%%%%%%%%%%%%%%%%%%%%%%%%%%555555
44444444444444444444444444444444444444444%5%5%5%5%5%5
54545454545454545454545454545454545454545%5%5%5%5%5%5
5}5%5%5%5%5%5%5%5%5%5%5%5%5%5%5%5
5}5%5%5%5%5%5%5%5%5%5%5%5%5%5%5%5
<requestedPrivileges>
57575757575757575757575757575757575757575%5%5%5%5
__crt_debugger_hook
5%5%5%5%5%5%5%5
5%5%5%5%5%5%5%5
[455]
}5#555
}5#555
IsProcessorFeaturePresent
CreateEventW
IsDebuggerPresent
D155e
D755e
CreateProcessW
e755d

Foremost
Matches
None
Suspicious
False cancel
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: ADVAPI32.dll, SHLWAPI.dll, RPCRT4.dll, OLEAUT32.dll, UxTheme.dll, SHELL32.dll, MSVCR110.dll, COMCTL32.dll, ole32.dll, USER32.dll, GDI32.dll, KERNEL32.dll, WINMM.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 834560
Suspicious: False cancel
Image
Address: 5368709120
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .text, .rdata, .data, .pdata, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 6
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 6
Linker
Version: 11.0
Suspicious: False cancel
Subsystem
Version: 6.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 6772
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: advapi32.dll, shlwapi.dll, rpcrt4.dll, oleaut32.dll, uxtheme.dll, shell32.dll, comctl32.dll, ole32.dll, user32.dll, gdi32.dll, kernel32.dll, winmm.dll
hasLibs: True check_circle
Suspicious: msvcr110.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2020-09-04 16:49:45
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8.0 (DLL)

Obfuscation
XOR: True check_circle
Fuzzing: True check_circle

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
False cancel
Tricks
AVclass
razy
1
VirusTotal
md5
69ab751929c23c4d85c774a3efd8ba2e
sha1
729440e7e55e6836bc19fe29367ad25f945fdfed
SCANS (DETECTION RATE = 28.99%)
AVG
result: Win32:TrojanX-gen [Trj]
update: 20200904
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20200904
version: 2.7.2019.1
detected: False cancel

MAX
result: malware (ai score=87)
update: 20200904
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200904
version: 6.67
detected: True check_circle

Bkav
update: 20200904
version: 1.3.0.9899
detected: False cancel

K7GW
update: 20200904
version: 11.134.35169
detected: False cancel

ALYac
result: Gen:Variant.Razy.705650
update: 20200904
version: 1.1.1.5
detected: True check_circle

Avira
result: TR/AD.MortyStealer.hsr
update: 20200904
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
update: 20200904
version: 4.0.0.24
detected: False cancel

Cyren
update: 20200904
version: 6.3.0.2
detected: False cancel

DrWeb
result: Trojan.PWS.Maria.4
update: 20200904
version: 7.0.48.8080
detected: True check_circle

GData
result: Gen:Variant.Razy.705650
update: 20200904
version: A:25.26885B:27.20051
detected: True check_circle

Panda
update: 20200904
version: 4.6.4.2
detected: False cancel

VBA32
update: 20200904
version: 4.4.1
detected: False cancel

VIPRE
update: 20200904
version: 86442
detected: False cancel

Zoner
update: 20200904
version: 0.0.0.0
detected: False cancel

ClamAV
update: 20200904
version: 0.102.4.0
detected: False cancel

Comodo
update: 20200728
version: 32668
detected: False cancel

Ikarus
update: 20200904
version: 0.1.5.2
detected: False cancel

McAfee
update: 20200904
version: 6.0.6.653
detected: False cancel

Rising
result: Backdoor.Remcos!8.B89E (TFE:5:IBRWLZzTx1N)
update: 20200904
version: 25.0.0.26
detected: True check_circle

Sophos
update: 20200904
version: 4.98.0
detected: False cancel

Yandex
update: 20200904
version: 5.5.2.24
detected: False cancel

Zillya
update: 20200904
version: 2.0.0.4169
detected: False cancel

Acronis
update: 20200806
version: 1.1.1.77
detected: False cancel

Alibaba
update: 20190527
version: 0.3.0.5
detected: False cancel

Arcabit
result: Trojan.Razy.DAC472
update: 20200904
version: 1.0.0.881
detected: True check_circle

Cylance
update: 20200904
version: 2.3.1.101
detected: False cancel

Elastic
update: 20200831
version: 4.0.8
detected: False cancel

FireEye
result: Generic.mg.69ab751929c23c4d
update: 20200904
version: 32.36.1.0
detected: True check_circle

Sangfor
update: 20200814
version: 1.0
detected: False cancel

TACHYON
update: 20200904
version: 2020-09-04.02
detected: False cancel

Tencent
update: 20200904
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20200904
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200904
version: 1.0.0.403
detected: False cancel

eGambit
update: 20200904
detected: False cancel

Ad-Aware
result: Gen:Variant.Razy.705650
update: 20200904
version: 3.0.16.117
detected: True check_circle

AegisLab
update: 20200904
version: 4.2
detected: False cancel

Emsisoft
result: Gen:Variant.Razy.705650 (B)
update: 20200904
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/AD.MortyStealer.hsr
update: 20200904
version: 12.0.86.52
detected: True check_circle

Fortinet
update: 20200904
version: 6.2.142.0
detected: False cancel

Invincea
result: Generic ML PUA (PUA)
update: 20200904
version: 1.0.1.0
detected: True check_circle

Jiangmin
update: 20200904
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200904
version: 2013.8.14.323
detected: False cancel

Paloalto
update: 20200904
version: 1.0
detected: False cancel

Symantec
update: 20200904
version: 1.12.0.0
detected: False cancel

AhnLab-V3
update: 20200904
version: 3.18.1.10026
detected: False cancel

Antiy-AVL
update: 20200904
version: 3.0.0.1
detected: False cancel

Kaspersky
update: 20200904
version: 15.0.1.13
detected: False cancel

MaxSecure
update: 20200904
version: 1.0.0.1
detected: False cancel

Microsoft
result: Trojan:Win32/Wacatac.C!ml
update: 20200904
version: 1.1.17400.5
detected: True check_circle

Qihoo-360
update: 20200904
version: 1.0.0.1120
detected: False cancel

ZoneAlarm
update: 20200904
version: 1.0
detected: False cancel

Cybereason
update: 20190616
version: 1.2.449
detected: False cancel

ESET-NOD32
result: Win32/Agent.TJS
update: 20200904
version: 21936
detected: True check_circle

TrendMicro
update: 20200904
version: 11.0.0.1006
detected: False cancel

BitDefender
result: Gen:Variant.Razy.705650
update: 20200904
version: 7.2
detected: True check_circle

CrowdStrike
update: 20190702
version: 1.0
detected: False cancel

K7AntiVirus
update: 20200904
version: 11.134.35167
detected: False cancel

SentinelOne
update: 20200724
version: 4.4.0.0
detected: False cancel

Malwarebytes
update: 20200904
version: 3.6.4.335
detected: False cancel

TotalDefense
update: 20200904
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20200904
version: 14.00
detected: False cancel

NANO-Antivirus
result: Trojan.Win32.AveMaria.hmprvz
update: 20200904
version: 1.0.134.25140
detected: True check_circle

BitDefenderTheta
result: Gen:NN.ZexaF.34216.YqW@a4jJxRki
update: 20200902
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.Razy.705650
update: 20200904
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200904
version: 5.6.0.1032
detected: False cancel

TrendMicro-HouseCall
update: 20200904
version: 10.0.0.1040
detected: False cancel

total
69
sha256
75f118618689fa9f2aa86f07d9c1d55f03b50d72742ed1e6f98ac61c92d75fbd
scan_id
75f118618689fa9f2aa86f07d9c1d55f03b50d72742ed1e6f98ac61c92d75fbd-1599249036
resource
69ab751929c23c4d85c774a3efd8ba2e
positives
20
scan_date
2020-09-04 19:50:36
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.700Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.715Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.731Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.747Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Unknown1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Open1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.762Write1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.981Unknown1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.981Open1480C:\malware.exeC:\Windows\System32\apphelp.dll
4/9/2020 - 15:45:42.981Open1480C:\malware.exeC:\Windows\System32\apphelp.dll
4/9/2020 - 15:45:42.981Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:45:42.981Open1480C:\malware.exeC:\Monitor
4/9/2020 - 15:45:42.981Unknown1480C:\malware.exeC:\Monitor
4/9/2020 - 15:45:42.981Open1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.981Unknown1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.981Open1480C:\malware.exeC:\
4/9/2020 - 15:45:42.981Unknown1480C:\malware.exeC:\
4/9/2020 - 15:45:42.981Open1480C:\malware.exeC:\Monitor
4/9/2020 - 15:45:42.981Unknown1480C:\malware.exeC:\Monitor
4/9/2020 - 15:45:42.981Open1480C:\malware.exeC:\Monitor
4/9/2020 - 15:45:42.981Unknown1480C:\malware.exeC:\Monitor
4/9/2020 - 15:45:42.981Open1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.981Read1480C:\malware.exeC:\Monitor\proc.exe
4/9/2020 - 15:45:42.981Open1480C:\malware.exeC:\Monitor\ui\SwDRM.dll
4/9/2020 - 15:45:42.981Unknown1480C:\malware.exeC:\Monitor
4/9/2020 - 15:45:42.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pf
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64log.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows
4/9/2020 - 15:45:43.28Unknown1488C:\Monitor\proc.exeC:\Windows
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Monitor
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
4/9/2020 - 15:45:43.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-1.DLL
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Monitor\version.DLL
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Monitor\NETAPI32.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\netapi32.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\netapi32.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Monitor\netutils.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\netutils.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\netutils.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Monitor\srvcli.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\srvcli.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\srvcli.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Monitor\wkscli.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\wkscli.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\wkscli.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Monitor\SAMCLI.DLL
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\samcli.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\samcli.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Monitor\bcrypt.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcrypt.dll
4/9/2020 - 15:46:30.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcrypt.dll
4/9/2020 - 15:46:30.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
4/9/2020 - 15:46:30.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
4/9/2020 - 15:46:30.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
4/9/2020 - 15:46:30.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
4/9/2020 - 15:46:30.403Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\devenum.dll
4/9/2020 - 15:46:30.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\devenum.dll
4/9/2020 - 15:46:30.684Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\winmm.dll
4/9/2020 - 15:46:30.684Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\winmm.dll
4/9/2020 - 15:46:30.684Open1488C:\Monitor\proc.exeC:\Monitor\ntmarta.dll
4/9/2020 - 15:46:30.684Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ntmarta.dll
4/9/2020 - 15:46:30.684Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ntmarta.dll
4/9/2020 - 15:46:30.731Open1488C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
4/9/2020 - 15:46:30.731Unknown1488C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
4/9/2020 - 15:46:30.731Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\msdmo.dll
4/9/2020 - 15:46:30.731Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\msdmo.dll
4/9/2020 - 15:46:30.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\avicap32.dll
4/9/2020 - 15:46:30.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\avicap32.dll
4/9/2020 - 15:46:31.106Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\msvfw32.dll
4/9/2020 - 15:46:31.153Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\msvfw32.dll
4/9/2020 - 15:46:31.387Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
4/9/2020 - 15:46:31.387Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
4/9/2020 - 15:46:31.387Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
4/9/2020 - 15:46:31.387Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
4/9/2020 - 15:46:31.387Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
4/9/2020 - 15:46:31.387Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
4/9/2020 - 15:46:32.622Open1488C:\Monitor\proc.exeC:\Program Files\Microsoft DN1
4/9/2020 - 15:46:32.622Unknown1488C:\Monitor\proc.exeC:\Program Files\Microsoft DN1
4/9/2020 - 15:46:32.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:46:32.637Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
4/9/2020 - 15:46:32.637Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:46:32.637Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:46:32.637Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:46:32.637Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/9/2020 - 15:46:32.637Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/9/2020 - 15:46:32.637Open1488C:\Monitor\proc.exeC:\Windows\WindowsShell.Manifest
4/9/2020 - 15:46:32.637Unknown1488C:\Monitor\proc.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
4/9/2020 - 15:46:32.637Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:32.637Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.153Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
4/9/2020 - 15:46:33.153Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
4/9/2020 - 15:46:33.153Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft Vision
4/9/2020 - 15:46:33.153Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft Vision
4/9/2020 - 15:46:33.153Open1488C:\Monitor\proc.exeC:\Monitor\powershell.exe
4/9/2020 - 15:46:33.153Open1488C:\Monitor\proc.exeC:\Monitor\powershell.exe
4/9/2020 - 15:46:33.153Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\powershell.exe
4/9/2020 - 15:46:33.153Open1488C:\Monitor\proc.exeC:\Windows\system\powershell.exe
4/9/2020 - 15:46:33.153Open1488C:\Monitor\proc.exeC:\Windows\powershell.exe
4/9/2020 - 15:46:33.153Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\powershell.exe
4/9/2020 - 15:46:33.153Open1488C:\Monitor\proc.exeC:\Windows\powershell.exe
4/9/2020 - 15:46:33.153Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\powershell.exe
4/9/2020 - 15:46:33.153Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:46:33.200Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:46:33.200Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:46:33.200Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:46:33.200Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:46:33.200Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:46:33.247Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:46:33.293Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:46:33.340Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:46:33.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:46:33.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:46:33.387Open1488C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:46:33.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:33.387Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:33.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:46:33.387Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:46:33.387Open1488C:\Monitor\proc.exeC:\
4/9/2020 - 15:46:33.387Unknown1488C:\Monitor\proc.exeC:\
4/9/2020 - 15:46:33.387Open1488C:\Monitor\proc.exeC:\Windows
4/9/2020 - 15:46:33.387Unknown1488C:\Monitor\proc.exeC:\Windows
4/9/2020 - 15:46:33.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:46:33.387Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:46:33.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:33.387Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:33.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:46:33.387Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:46:33.387Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:46:33.387Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:46:33.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ui\SwDRM.dll
4/9/2020 - 15:46:33.403Open1488C:\Monitor\proc.exeC:\ProgramData
4/9/2020 - 15:46:33.403Unknown1488C:\Monitor\proc.exeC:\ProgramData
4/9/2020 - 15:46:33.403Open1488C:\Monitor\proc.exeC:\ProgramData
4/9/2020 - 15:46:33.403Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.403Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.403Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.403Open1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Open1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Unknown1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.403Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.403Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.403Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.403Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.403Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.403Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.418Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.418Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.418Unknown1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.418Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.418Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
4/9/2020 - 15:46:33.418Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
4/9/2020 - 15:46:33.418Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat
4/9/2020 - 15:46:33.418Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:start
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:start
4/9/2020 - 15:46:33.418Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.418Open1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Unknown1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.418Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.418Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.418Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Unknown1488C:\Monitor\proc.exeC:\ProgramData:ApplicationData
4/9/2020 - 15:46:33.418Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
4/9/2020 - 15:46:33.418Open1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe:Zone.Identifier
4/9/2020 - 15:46:33.434Open1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.434Write1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.481Unknown1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.481Open1488C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:46:33.481Open1488C:\Monitor\proc.exeC:\ProgramData
4/9/2020 - 15:46:33.481Unknown1488C:\Monitor\proc.exeC:\ProgramData
4/9/2020 - 15:46:33.481Open1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.481Unknown1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.481Open1488C:\Monitor\proc.exeC:\ProgramData
4/9/2020 - 15:46:33.481Unknown1488C:\Monitor\proc.exeC:\ProgramData
4/9/2020 - 15:46:33.481Open1488C:\Monitor\proc.exeC:\ProgramData
4/9/2020 - 15:46:33.481Unknown1488C:\Monitor\proc.exeC:\ProgramData
4/9/2020 - 15:46:33.481Open1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.481Read1488C:\Monitor\proc.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.481Open1488C:\Monitor\proc.exeC:\ProgramData\ui\SwDRM.dll
4/9/2020 - 15:46:33.481Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Prefetch\POWERSHELL.EXE-767FB1AE.pf
4/9/2020 - 15:46:33.481Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:33.481Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:46:33.481Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:46:33.481Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:46:33.481Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:46:33.481Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:46:33.481Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:46:33.481Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64log.dll
4/9/2020 - 15:46:33.481Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:33.481Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:33.481Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:46:33.543Open2428C:\ProgramData\WARZONE.exeC:\Windows\Prefetch\WARZONE.EXE-1B27D963.pf
4/9/2020 - 15:46:33.543Open2428C:\ProgramData\WARZONE.exeC:\Windows
4/9/2020 - 15:46:33.543Open2428C:\ProgramData\WARZONE.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:46:33.543Open2428C:\ProgramData\WARZONE.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:46:33.543Open2428C:\ProgramData\WARZONE.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:46:33.543Open2428C:\ProgramData\WARZONE.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:46:33.543Open2428C:\ProgramData\WARZONE.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:46:33.543Open2428C:\ProgramData\WARZONE.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:46:33.543Open2428C:\ProgramData\WARZONE.exeC:\Windows\System32\wow64log.dll
4/9/2020 - 15:46:33.543Open2428C:\ProgramData\WARZONE.exeC:\Windows
4/9/2020 - 15:46:33.543Unknown2428C:\ProgramData\WARZONE.exeC:\Windows
4/9/2020 - 15:46:33.543Open2428C:\ProgramData\WARZONE.exeC:\Monitor
4/9/2020 - 15:46:33.637Unknown1488C:\Monitor\proc.exeC:\Windows
4/9/2020 - 15:46:33.637Unknown1488C:\Monitor\proc.exeC:\Monitor
4/9/2020 - 15:46:33.637Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
4/9/2020 - 15:46:33.637Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:46:33.762Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:46:33.762Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:46:33.778Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:46:33.778Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:46:33.778Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:46:33.778Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:46:33.778Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:46:33.778Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:46:33.778Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
4/9/2020 - 15:46:33.778Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
4/9/2020 - 15:46:33.778Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
4/9/2020 - 15:46:33.778Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
4/9/2020 - 15:46:33.778Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-1.DLL
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATL.DLL
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\mscoree.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:46:33.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui
4/9/2020 - 15:46:33.965Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.muipowershell.exe.mui
4/9/2020 - 15:46:34.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
4/9/2020 - 15:46:34.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
4/9/2020 - 15:46:34.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
4/9/2020 - 15:46:34.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
4/9/2020 - 15:46:34.231Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:46:34.231Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:46:34.278Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:46:34.278Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:46:34.278Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:46:34.278Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:46:34.278Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:46:34.278Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/9/2020 - 15:46:34.278Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/9/2020 - 15:46:34.278Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.Manifest
4/9/2020 - 15:46:34.278Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
4/9/2020 - 15:46:34.278Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nls
4/9/2020 - 15:46:34.278Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
4/9/2020 - 15:46:34.278Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
4/9/2020 - 15:46:34.278Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
4/9/2020 - 15:46:34.278Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
4/9/2020 - 15:46:34.278Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:46:34.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:34.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:46:34.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
4/9/2020 - 15:46:34.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
4/9/2020 - 15:46:34.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:46:34.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:34.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:46:34.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:46:34.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:46:34.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
4/9/2020 - 15:46:34.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:46:34.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:46:34.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
4/9/2020 - 15:46:34.403Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
4/9/2020 - 15:46:34.403Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:46:34.403Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:46:34.403Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.403Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.403Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:46:34.403Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:46:34.403Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:34.403Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:34.403Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:46:34.418Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:46:34.418Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:46:34.418Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:46:34.418Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:46:34.418Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:46:34.418Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
4/9/2020 - 15:46:34.418Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
4/9/2020 - 15:46:34.418Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
4/9/2020 - 15:46:34.418Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
4/9/2020 - 15:46:34.418Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:46:34.418Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:46:34.418Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:46:34.418Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:46:34.418Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.418Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.418Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:46:34.418Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:46:34.418Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\desktop.ini
4/9/2020 - 15:46:34.418Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:46:34.418Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:46:34.418Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:46:34.418Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:46:34.418Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:46:34.418Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:46:34.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:46:34.450Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:46:34.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.450Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:46:34.450Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:46:34.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:46:34.450Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:46:34.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:46:34.450Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:46:34.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:46:34.450Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:46:34.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:46:34.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:46:34.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
4/9/2020 - 15:46:34.450Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
4/9/2020 - 15:46:34.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.450Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:46:34.450Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:46:34.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:34.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
4/9/2020 - 15:46:34.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:46:34.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
4/9/2020 - 15:46:34.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
4/9/2020 - 15:46:34.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
4/9/2020 - 15:46:34.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\apphelp.dll
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:34.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:34.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:34.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:34.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.528Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.528Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.543Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.543Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.543Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.543Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:46:34.575Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:46:34.575Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:46:34.575Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:46:34.575Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:46:34.590Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:46:34.590Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/9/2020 - 15:46:34.590Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/9/2020 - 15:46:34.590Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/9/2020 - 15:46:34.590Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/9/2020 - 15:46:34.606Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/9/2020 - 15:46:34.606Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
4/9/2020 - 15:46:34.606Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
4/9/2020 - 15:46:34.606Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
4/9/2020 - 15:46:34.606Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
4/9/2020 - 15:46:36.106Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:36.106Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:46:36.106Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:36.106Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:46:36.106Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:46:36.106Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:46:36.106Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
4/9/2020 - 15:46:36.106Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
4/9/2020 - 15:46:36.106Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
4/9/2020 - 15:46:36.106Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:36.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:46:36.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:36.122Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:36.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:36.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:36.122Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:36.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:36.122Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:36.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:36.122Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:36.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:36.122Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:36.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:36.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:36.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:36.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:36.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:36.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:36.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:36.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:36.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:36.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:36.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:46:37.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:37.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:37.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:46:37.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:46:37.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:37.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:37.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:46:37.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:46:37.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:46:37.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:46:37.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:46:37.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:46:37.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
4/9/2020 - 15:46:37.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
4/9/2020 - 15:46:37.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
4/9/2020 - 15:46:37.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
4/9/2020 - 15:46:37.543Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:46:37.543Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
4/9/2020 - 15:46:37.543Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:46:37.543Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:46:37.543Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
4/9/2020 - 15:46:37.700Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
4/9/2020 - 15:46:37.700Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
4/9/2020 - 15:46:37.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:37.840Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:37.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:46:37.840Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:46:37.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:46:37.840Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:46:37.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:46:37.840Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:46:37.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:46:37.840Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:46:37.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:46:37.840Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:46:37.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
4/9/2020 - 15:46:37.840Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
4/9/2020 - 15:46:37.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
4/9/2020 - 15:46:37.840Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
4/9/2020 - 15:46:37.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
4/9/2020 - 15:46:38.12Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
4/9/2020 - 15:46:38.12Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:38.12Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:38.12Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\LINKINFO.dll
4/9/2020 - 15:46:38.12Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
4/9/2020 - 15:46:38.12Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
4/9/2020 - 15:46:38.793Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:38.793Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:38.793Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntshrui.dll
4/9/2020 - 15:46:38.793Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
4/9/2020 - 15:46:38.793Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
4/9/2020 - 15:46:39.950Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\srvcli.dll
4/9/2020 - 15:46:39.950Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
4/9/2020 - 15:46:39.950Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
4/9/2020 - 15:46:40.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\cscapi.dll
4/9/2020 - 15:46:40.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
4/9/2020 - 15:46:40.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
4/9/2020 - 15:46:40.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\slc.dll
4/9/2020 - 15:46:40.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
4/9/2020 - 15:46:40.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
4/9/2020 - 15:46:40.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
4/9/2020 - 15:46:40.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:40.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:40.168Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:40.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:40.168Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:40.168Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
4/9/2020 - 15:46:40.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:40.168Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:40.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:46:40.168Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:46:40.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exepowershell_ise.exe
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:40.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:40.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\hh.exe
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:40.200Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:40.200Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\CRYPTSP.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OMH5WEIYDXRIB14ZL84A.temp
4/9/2020 - 15:46:40.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OMH5WEIYDXRIB14ZL84A.temp
4/9/2020 - 15:46:40.200Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OMH5WEIYDXRIB14ZL84A.tempOMH5WEIYDXRIB14ZL84A.temp
4/9/2020 - 15:46:40.200Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OMH5WEIYDXRIB14ZL84A.tempOMH5WEIYDXRIB14ZL84A.temp
4/9/2020 - 15:46:40.200Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OMH5WEIYDXRIB14ZL84A.tempOMH5WEIYDXRIB14ZL84A.temp
4/9/2020 - 15:46:40.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OMH5WEIYDXRIB14ZL84A.tempOMH5WEIYDXRIB14ZL84A.temp
4/9/2020 - 15:46:40.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
4/9/2020 - 15:46:40.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OMH5WEIYDXRIB14ZL84A.temp
4/9/2020 - 15:46:40.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:46:40.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OMH5WEIYDXRIB14ZL84A.tempOMH5WEIYDXRIB14ZL84A.temp
4/9/2020 - 15:46:40.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:46:40.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:46:40.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll.local
4/9/2020 - 15:46:40.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
4/9/2020 - 15:46:40.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
4/9/2020 - 15:46:40.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
4/9/2020 - 15:46:40.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
4/9/2020 - 15:46:40.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
4/9/2020 - 15:46:40.231Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
4/9/2020 - 15:46:40.231Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
4/9/2020 - 15:46:40.231Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
4/9/2020 - 15:46:40.340Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
4/9/2020 - 15:46:44.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
4/9/2020 - 15:46:44.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:46:44.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:46:44.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:46:44.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:46:44.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
4/9/2020 - 15:46:44.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
4/9/2020 - 15:46:44.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
4/9/2020 - 15:46:44.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:44.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:46:44.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:44.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:46:44.465Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:46:44.465Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:46:44.559Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
4/9/2020 - 15:46:44.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:46:44.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:46:44.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:46:44.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:46:44.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:46:44.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:46:44.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
4/9/2020 - 15:46:45.684Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
4/9/2020 - 15:46:47.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
4/9/2020 - 15:46:47.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
4/9/2020 - 15:46:47.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
4/9/2020 - 15:46:47.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
4/9/2020 - 15:46:47.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:47.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:47.293Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:46:47.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:46:47.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:46:47.293Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:46:47.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
4/9/2020 - 15:46:47.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
4/9/2020 - 15:46:47.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
4/9/2020 - 15:46:47.325Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
4/9/2020 - 15:46:47.340Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.340Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
4/9/2020 - 15:46:47.340Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.340Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:47.622Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:46:47.778Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:46:47.934Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:46:47.934Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:48.90Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:48.247Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:48.403Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:48.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:48.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:48.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:49.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:49.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:49.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:49.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:49.668Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:50.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:50.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:50.606Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:50.762Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:50.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:51.75Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:51.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:51.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:51.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:52.168Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:52.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:52.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:52.668Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
4/9/2020 - 15:46:52.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:52.981Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:53.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:53.293Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:53.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:53.606Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:53.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:54.75Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:54.231Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:54.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:54.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:54.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:55.12Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:55.168Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:55.325Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:55.481Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:55.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:55.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:56.106Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:56.262Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:56.418Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:56.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:56.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:56.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:57.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:57.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:57.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:57.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:57.668Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:57.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:58.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:58.293Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:58.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:58.606Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:58.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:59.75Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:59.231Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:59.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:59.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:59.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:46:59.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:0.12Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:0.168Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:0.481Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:0.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:0.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:0.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:1.106Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:1.262Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:1.418Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:1.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:1.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:1.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:2.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:2.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:2.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:2.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:2.668Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
4/9/2020 - 15:47:2.668Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:4.903Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:5.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:5.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:5.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\pt-br.nlp
4/9/2020 - 15:47:5.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
4/9/2020 - 15:47:5.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\pubpol4.dat
4/9/2020 - 15:47:5.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
4/9/2020 - 15:47:5.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
4/9/2020 - 15:47:5.840Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:5.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
4/9/2020 - 15:47:5.840Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:5.840Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:5.840Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:5.840Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:5.840Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:6.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:6.934Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:6.934Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:7.90Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:7.90Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:7.90Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:7.247Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:7.403Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:7.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:7.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:7.872Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\version.DLL
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\version.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\version.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\NETAPI32.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\netapi32.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\netapi32.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\netutils.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\netutils.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\netutils.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\srvcli.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\srvcli.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\srvcli.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\wkscli.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\wkscli.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\wkscli.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\SAMCLI.DLL
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\samcli.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\samcli.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\bcrypt.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\bcrypt.dll
4/9/2020 - 15:47:7.918Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\bcrypt.dll
4/9/2020 - 15:47:8.12Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:8.12Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\rpcss.dll
4/9/2020 - 15:47:8.12Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\rpcss.dll
4/9/2020 - 15:47:8.12Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\uxtheme.dll
4/9/2020 - 15:47:8.12Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\uxtheme.dll
4/9/2020 - 15:47:8.75Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\devenum.dll
4/9/2020 - 15:47:8.75Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\devenum.dll
4/9/2020 - 15:47:8.75Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\winmm.dll
4/9/2020 - 15:47:8.75Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\winmm.dll
4/9/2020 - 15:47:8.75Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\ntmarta.dll
4/9/2020 - 15:47:8.75Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\ntmarta.dll
4/9/2020 - 15:47:8.75Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\ntmarta.dll
4/9/2020 - 15:47:8.122Open2428C:\ProgramData\WARZONE.exeC:\Windows\Globalization\Sorting\SortDefault.nls
4/9/2020 - 15:47:8.122Unknown2428C:\ProgramData\WARZONE.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
4/9/2020 - 15:47:8.122Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\msdmo.dll
4/9/2020 - 15:47:8.122Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\msdmo.dll
4/9/2020 - 15:47:8.122Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\avicap32.dll
4/9/2020 - 15:47:8.122Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\avicap32.dll
4/9/2020 - 15:47:8.122Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\msvfw32.dll
4/9/2020 - 15:47:8.122Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\msvfw32.dll
4/9/2020 - 15:47:8.122Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\WARZONE.exe.Local
4/9/2020 - 15:47:8.122Open2428C:\ProgramData\WARZONE.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
4/9/2020 - 15:47:8.122Unknown2428C:\ProgramData\WARZONE.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
4/9/2020 - 15:47:8.122Open2428C:\ProgramData\WARZONE.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
4/9/2020 - 15:47:8.122Open2428C:\ProgramData\WARZONE.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
4/9/2020 - 15:47:8.122Open2428C:\ProgramData\WARZONE.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
4/9/2020 - 15:47:8.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:8.122Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:8.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:8.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:8.356Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:8.356Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:8.403Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.403Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:8.403Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.684Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.778Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.872Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:8.965Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:9.43Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:9.43Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:9.43Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:9.43Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:9.43Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:9.43Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:9.59Open2428C:\ProgramData\WARZONE.exeC:\Program Files\Microsoft DN1
4/9/2020 - 15:47:9.59Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:47:9.59Read2428C:\ProgramData\WARZONE.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:47:9.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:9.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:9.231Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:9.278Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:9.325Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Users\Behemot\AppData\Local
4/9/2020 - 15:47:9.559Unknown2428C:\ProgramData\WARZONE.exeC:\Users\Behemot\AppData\Local
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Users\Behemot\AppData\Local\Microsoft Vision
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\powershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Monitor\powershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\powershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\system\powershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\powershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\powershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\powershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\wbem\powershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:47:9.559Unknown2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:47:9.559Unknown2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:9.559Unknown2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:47:9.559Unknown2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\
4/9/2020 - 15:47:9.559Unknown2428C:\ProgramData\WARZONE.exeC:\
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows
4/9/2020 - 15:47:9.559Unknown2428C:\ProgramData\WARZONE.exeC:\Windows
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:47:9.559Unknown2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:9.559Unknown2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:47:9.559Read2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ui\SwDRM.dll
4/9/2020 - 15:47:9.559Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:9.590Open2428C:\ProgramData\WARZONE.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:47:9.590Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:9.590Unknown2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:9.590Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.590Open2428C:\ProgramData\WARZONE.exeC:\
4/9/2020 - 15:47:9.590Unknown2428C:\ProgramData\WARZONE.exeC:\
4/9/2020 - 15:47:9.590Open2428C:\ProgramData\WARZONE.exeC:\Windows
4/9/2020 - 15:47:9.590Unknown2428C:\ProgramData\WARZONE.exeC:\Windows
4/9/2020 - 15:47:9.590Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:9.590Unknown2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:9.590Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:9.590Unknown2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:9.590Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.590Read2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.590Read2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.590Read2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.590Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\ui\SwDRM.dll
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Prefetch\POWERSHELL.EXE-767FB1AE.pf
4/9/2020 - 15:47:9.653Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Prefetch\POWERSHELL.EXE-767FB1AE.pfPOWERSHELL.EXE-767FB1AE.pf
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\Device\HarddiskVolume2
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\$EXTEND
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\$EXTEND
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\$EXTEND
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Default
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Default
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Default
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Default\AppData
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Default\AppData
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Default\AppData
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Default\AppData\Roaming
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Default\AppData\Roaming
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Default\AppData\Roaming
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Default\AppData\Roaming\Microsoft
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Default\AppData\Roaming\Microsoft
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Default\AppData\Roaming\Microsoft
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:9.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR
4/9/2020 - 15:47:9.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR
4/9/2020 - 15:47:9.653Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR
4/9/2020 - 15:47:9.653Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
4/9/2020 - 15:47:9.653Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
4/9/2020 - 15:47:9.653Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
4/9/2020 - 15:47:9.715Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/9/2020 - 15:47:9.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR
4/9/2020 - 15:47:9.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:47:9.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:47:9.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:47:9.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/9/2020 - 15:47:9.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/9/2020 - 15:47:9.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/9/2020 - 15:47:9.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\ntdll.dll
4/9/2020 - 15:47:9.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\ntdll.dll
4/9/2020 - 15:47:9.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:47:9.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:47:9.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:47:9.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:47:9.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:47:9.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:47:9.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\kernel32.dll
4/9/2020 - 15:47:9.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\kernel32.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:47:9.715Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:47:9.715Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
4/9/2020 - 15:47:9.715Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.715Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
4/9/2020 - 15:47:9.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\kernel32.dll
4/9/2020 - 15:47:9.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\kernel32.dll
4/9/2020 - 15:47:9.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\user32.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\user32.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntdll.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntdll.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\apisetschema.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\KernelBase.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\locale.nls
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\locale.nls
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\advapi32.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\advapi32.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\msvcrt.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\msvcrt.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcrt4.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcrt4.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sspicli.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sspicli.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptbase.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\user32.dll
4/9/2020 - 15:47:9.731Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
4/9/2020 - 15:47:9.731Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
4/9/2020 - 15:47:9.731Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:47:9.731Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.731Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\user32.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gdi32.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gdi32.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\lpk.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\lpk.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\usp10.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\usp10.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ole32.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ole32.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\oleaut32.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\oleaut32.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shlwapi.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shlwapi.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\msctf.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\msctf.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.muipowershell.exe.mui
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\clbcatq.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\clbcatq.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\userenv.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\userenv.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\profapi.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\profapi.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.Manifest
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nls
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
4/9/2020 - 15:47:9.731Open2944C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
4/9/2020 - 15:47:9.731Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
4/9/2020 - 15:47:9.731Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.731Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.731Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
4/9/2020 - 15:47:9.731Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
4/9/2020 - 15:47:9.731Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\crypt32.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\crypt32.dll
4/9/2020 - 15:47:9.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\msasn1.dll
4/9/2020 - 15:47:9.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\msasn1.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\setupapi.dll
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\setupapi.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cfgmgr32.dll
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cfgmgr32.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\devobj.dll
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\devobj.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
4/9/2020 - 15:47:9.747Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows
4/9/2020 - 15:47:9.747Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:47:9.747Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:47:9.747Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:47:9.747Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:47:9.747Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:47:9.747Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:47:9.747Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
4/9/2020 - 15:47:9.747Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows
4/9/2020 - 15:47:9.747Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows
4/9/2020 - 15:47:9.747Open2944C:\Windows\SysWOW64\cmd.exeC:\Monitor
4/9/2020 - 15:47:9.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:9.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
4/9/2020 - 15:47:9.809Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
4/9/2020 - 15:47:9.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:47:9.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/9/2020 - 15:47:9.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
4/9/2020 - 15:47:9.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:9.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
4/9/2020 - 15:47:9.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
4/9/2020 - 15:47:9.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
4/9/2020 - 15:47:9.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
4/9/2020 - 15:47:9.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
4/9/2020 - 15:47:9.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
4/9/2020 - 15:47:9.809Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\locale.nls
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.muipowershell.exe.mui
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\ntdll.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\kernel32.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\kernel32.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\user32.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntdll.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\advapi32.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\msvcrt.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcrt4.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sspicli.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\user32.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gdi32.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\lpk.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\usp10.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ole32.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\oleaut32.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shlwapi.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\msctf.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\clbcatq.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\userenv.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\profapi.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:47:9.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:47:9.840Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
4/9/2020 - 15:47:9.840Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\crypt32.dll
4/9/2020 - 15:47:9.840Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\msasn1.dll
4/9/2020 - 15:47:9.840Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\setupapi.dll
4/9/2020 - 15:47:9.840Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cfgmgr32.dll
4/9/2020 - 15:47:9.840Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\devobj.dll
4/9/2020 - 15:47:9.840Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:9.840Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
4/9/2020 - 15:47:9.840Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:9.840Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\Device\HarddiskVolume2
4/9/2020 - 15:47:9.840Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:9.840Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:47:9.840Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
4/9/2020 - 15:47:9.840Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:47:9.840Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
4/9/2020 - 15:47:9.840Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:47:9.840Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
4/9/2020 - 15:47:9.840Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64log.dll
4/9/2020 - 15:47:9.840Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:9.840Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:9.840Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:9.965Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Monitor
4/9/2020 - 15:47:9.965Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Monitor
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\
4/9/2020 - 15:47:9.965Unknown2944C:\Windows\SysWOW64\cmd.exeC:\
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Monitor
4/9/2020 - 15:47:9.965Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Monitor
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\Branding\Basebrd\Basebrd.dll
4/9/2020 - 15:47:9.965Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Branding\Basebrd\basebrd.dll
4/9/2020 - 15:47:9.981Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Branding\Basebrd\basebrd.dll
4/9/2020 - 15:47:9.981Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\Branding\Basebrd\Basebrd.dll
4/9/2020 - 15:47:9.981Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Branding\Basebrd\basebrd.dll
4/9/2020 - 15:47:9.981Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Branding\Basebrd\basebrd.dll
4/9/2020 - 15:47:9.981Open2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
4/9/2020 - 15:47:9.981Unknown2944C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
4/9/2020 - 15:47:9.981Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.981Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:9.981Read2944C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:10.28Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/9/2020 - 15:47:10.90Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:47:10.90Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:10.90Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:10.90Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:10.90Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:47:10.90Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
4/9/2020 - 15:47:10.90Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATL.DLL
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\mscoree.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
4/9/2020 - 15:47:10.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
4/9/2020 - 15:47:10.106Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.106Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.106Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.168Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:47:10.168Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:47:10.168Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:47:10.168Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.168Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:47:10.168Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:47:10.168Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:47:10.168Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:47:10.168Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/9/2020 - 15:47:10.168Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/9/2020 - 15:47:10.168Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/9/2020 - 15:47:10.168Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/9/2020 - 15:47:10.168Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.Manifest
4/9/2020 - 15:47:10.168Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nls
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
4/9/2020 - 15:47:10.215Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
4/9/2020 - 15:47:10.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:47:10.215Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:47:10.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
4/9/2020 - 15:47:10.215Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:47:10.231Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\desktop.ini
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:47:10.231Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:47:10.231Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:47:10.231Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
4/9/2020 - 15:47:10.247Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:47:10.262Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
4/9/2020 - 15:47:10.262Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
4/9/2020 - 15:47:10.262Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
4/9/2020 - 15:47:10.262Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\apphelp.dll
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:47:10.262Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
4/9/2020 - 15:47:10.262Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:47:10.278Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/9/2020 - 15:47:10.278Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/9/2020 - 15:47:10.278Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/9/2020 - 15:47:10.278Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:47:10.278Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
4/9/2020 - 15:47:10.293Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:10.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.309Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.309Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.309Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.309Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.309Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
4/9/2020 - 15:47:10.309Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.309Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.309Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:10.309Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
4/9/2020 - 15:47:10.309Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.309Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.309Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:47:10.309Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
4/9/2020 - 15:47:10.309Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:10.309Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:10.325Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:47:10.325Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
4/9/2020 - 15:47:10.325Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
4/9/2020 - 15:47:10.325Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
4/9/2020 - 15:47:10.325Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
4/9/2020 - 15:47:10.325Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
4/9/2020 - 15:47:10.340Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.340Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.356Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:10.356Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:10.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
4/9/2020 - 15:47:10.418Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-msd93f411851d7c929.customDestinations-ms
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\LINKINFO.dll
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\propsys.dll
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\propsys.dll
4/9/2020 - 15:47:10.418Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-msd93f411851d7c929.customDestinations-ms
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.418Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:47:10.418Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:47:10.418Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:47:10.418Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:10.418Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:10.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:10.434Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:10.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
4/9/2020 - 15:47:10.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
4/9/2020 - 15:47:10.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
4/9/2020 - 15:47:10.434Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
4/9/2020 - 15:47:10.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
4/9/2020 - 15:47:10.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
4/9/2020 - 15:47:10.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.434Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.434Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntshrui.dll
4/9/2020 - 15:47:10.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
4/9/2020 - 15:47:10.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
4/9/2020 - 15:47:10.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\srvcli.dll
4/9/2020 - 15:47:10.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
4/9/2020 - 15:47:10.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
4/9/2020 - 15:47:10.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\cscapi.dll
4/9/2020 - 15:47:10.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
4/9/2020 - 15:47:10.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
4/9/2020 - 15:47:10.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\slc.dll
4/9/2020 - 15:47:10.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
4/9/2020 - 15:47:10.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
4/9/2020 - 15:47:10.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
4/9/2020 - 15:47:10.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.481Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.481Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.481Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
4/9/2020 - 15:47:10.481Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.528Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.528Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.528Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:47:10.528Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
4/9/2020 - 15:47:10.528Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:47:10.528Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
4/9/2020 - 15:47:10.528Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:47:10.528Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
4/9/2020 - 15:47:10.528Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:10.528Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
4/9/2020 - 15:47:10.528Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:10.528Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
4/9/2020 - 15:47:10.528Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
4/9/2020 - 15:47:10.528Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
4/9/2020 - 15:47:10.528Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.528Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.575Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:10.575Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:10.575Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.575Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:10.575Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.575Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\mswsock.dll
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\mswsock.dll
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\wship6.dll
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\wship6.dll
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\DNSAPI.dll
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\dnsapi.dll
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\dnsapi.dll
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\IPHLPAPI.DLL
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\WINNSI.DLL
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\winnsi.dll
4/9/2020 - 15:47:10.606Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\winnsi.dll
4/9/2020 - 15:47:10.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.622Open2944C:\Windows\SysWOW64\cmd.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:47:10.622Read2944C:\Windows\SysWOW64\cmd.exeC:\ProgramData\WARZONE.exe
4/9/2020 - 15:47:10.668Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.668Open2428C:\ProgramData\WARZONE.exeC:\ProgramData\rasadhlp.dll
4/9/2020 - 15:47:10.668Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\rasadhlp.dll
4/9/2020 - 15:47:10.668Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\rasadhlp.dll
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exepowershell_ise.exe
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\hh.exe
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\CRYPTSP.dll
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:10.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5ZA9GKKJBBR0QO3GU4DI.temp
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5ZA9GKKJBBR0QO3GU4DI.temp
4/9/2020 - 15:47:10.684Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5ZA9GKKJBBR0QO3GU4DI.temp5ZA9GKKJBBR0QO3GU4DI.temp
4/9/2020 - 15:47:10.684Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5ZA9GKKJBBR0QO3GU4DI.temp5ZA9GKKJBBR0QO3GU4DI.temp
4/9/2020 - 15:47:10.684Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5ZA9GKKJBBR0QO3GU4DI.temp5ZA9GKKJBBR0QO3GU4DI.temp
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5ZA9GKKJBBR0QO3GU4DI.temp5ZA9GKKJBBR0QO3GU4DI.temp
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-msd93f411851d7c929.customDestinations-ms
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5ZA9GKKJBBR0QO3GU4DI.temp
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5ZA9GKKJBBR0QO3GU4DI.temp5ZA9GKKJBBR0QO3GU4DI.temp
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntmarta.dll
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntmarta.dll
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntmarta.dll
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF12582a.TMP
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF12582a.TMPd93f411851d7c929.customDestinations-ms~RF12582a.TMP
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-msd93f411851d7c929.customDestinations-ms
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5ZA9GKKJBBR0QO3GU4DI.temp5ZA9GKKJBBR0QO3GU4DI.temp
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF12582a.TMP
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\Files\DeletedFiles
4/9/2020 - 15:47:10.684Delete516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF12582a.TMP
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll.local
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:10.684Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:10.684Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
4/9/2020 - 15:47:10.700Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:10.700Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:10.700Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:10.700Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:10.700Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:10.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
4/9/2020 - 15:47:10.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
4/9/2020 - 15:47:10.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
4/9/2020 - 15:47:10.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
4/9/2020 - 15:47:10.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
4/9/2020 - 15:47:10.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
4/9/2020 - 15:47:10.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.700Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:10.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:10.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:10.700Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
4/9/2020 - 15:47:10.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
4/9/2020 - 15:47:10.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
4/9/2020 - 15:47:10.762Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
4/9/2020 - 15:47:10.762Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:10.762Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:10.762Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\pt-br.nlp
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\pubpol4.dat
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
4/9/2020 - 15:47:10.762Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
4/9/2020 - 15:47:10.762Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:10.762Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:10.762Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:10.762Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:10.762Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:10.762Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:10.762Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:10.762Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:10.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:10.762Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:10.778Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:10.778Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:10.778Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:10.778Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:10.778Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:10.778Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:10.778Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:10.778Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:10.778Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.778Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.840Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\BVTBin\Tests\installpackage\csilogfile.log
4/9/2020 - 15:47:10.918Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\BVTBin\Tests\installpackage\csilogfile.log
4/9/2020 - 15:47:10.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:10.965Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:11.12Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:11.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:11.106Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:11.153Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:11.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:11.247Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:11.293Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:11.325Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
4/9/2020 - 15:47:11.325Open2428C:\ProgramData\WARZONE.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
4/9/2020 - 15:47:11.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:11.418Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:11.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:11.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:11.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:11.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
4/9/2020 - 15:47:11.606Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
4/9/2020 - 15:47:11.793Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:11.793Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
4/9/2020 - 15:47:11.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:11.840Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:11.887Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:11.887Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
4/9/2020 - 15:47:11.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:11.934Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:11.981Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.28Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.75Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.122Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.168Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.262Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.309Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.403Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.684Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.778Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.778Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.887Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:12.950Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:12.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.950Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:12.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.950Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:12.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.997Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.997Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:12.997Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.12Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.28Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.28Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:13.28Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:13.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:13.90Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:13.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.168Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.262Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.309Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.403Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.684Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.684Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:13.778Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:13.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.872Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.872Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.872Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:13.965Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.12Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.106Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.106Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.153Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:14.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.247Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:14.247Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:14.247Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\version.dll
4/9/2020 - 15:47:14.247Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
4/9/2020 - 15:47:14.247Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
4/9/2020 - 15:47:14.247Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:14.247Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:14.247Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:14.247Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:14.247Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:14.247Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:14.247Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\version.dll
4/9/2020 - 15:47:14.247Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
4/9/2020 - 15:47:14.247Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
4/9/2020 - 15:47:14.247Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:14.247Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:14.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:14.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:14.293Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:14.293Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:14.293Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.293Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:14.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\l_intl.nls
4/9/2020 - 15:47:14.340Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\l_intl.nls
4/9/2020 - 15:47:14.434Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
4/9/2020 - 15:47:14.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
4/9/2020 - 15:47:14.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.481Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.481Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.481Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.481Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.481Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.481Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.528Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.668Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.762Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.762Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.809Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
4/9/2020 - 15:47:14.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.856Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
4/9/2020 - 15:47:14.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.856Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
4/9/2020 - 15:47:14.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.856Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
4/9/2020 - 15:47:14.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:14.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:14.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:14.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:14.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:14.965Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:14.965Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:14.965Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:14.965Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:15.12Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:15.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:15.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:15.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:15.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:15.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:15.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:15.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:15.59Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:15.59Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
4/9/2020 - 15:47:15.59Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
4/9/2020 - 15:47:15.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
4/9/2020 - 15:47:15.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
4/9/2020 - 15:47:15.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:15.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:15.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:15.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:15.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:15.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:15.481Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:15.575Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
4/9/2020 - 15:47:15.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
4/9/2020 - 15:47:15.762Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:15.762Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
4/9/2020 - 15:47:15.762Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:15.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:15.903Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:15.903Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
4/9/2020 - 15:47:15.903Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:15.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:15.997Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.90Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.231Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.278Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.325Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.418Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.465Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.465Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.465Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.512Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.559Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:16.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:16.653Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.700Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.559Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:16.700Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:16.747Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.747Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.793Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.840Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.887Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.934Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.934Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:16.981Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:17.28Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:17.75Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:17.122Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:17.215Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:17.262Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:17.262Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:17.309Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.309Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.356Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:17.403Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.450Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.450Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:17.450Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:17.450Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:17.450Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.450Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:17.450Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.450Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:17.450Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.450Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.450Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:17.497Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:17.497Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:17.497Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:17.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:17.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:17.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:17.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:17.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:17.684Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:17.700Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:17.700Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:17.700Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:17.715Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:17.715Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:17.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:17.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:17.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:17.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:17.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:17.762Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:17.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:17.762Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:17.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:17.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:17.856Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:17.856Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:17.856Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:17.856Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Core\3.5.0.0__b77a5c561934e089
4/9/2020 - 15:47:17.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:17.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:17.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Core\3.5.0.0__b77a5c561934e089
4/9/2020 - 15:47:17.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
4/9/2020 - 15:47:17.950Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
4/9/2020 - 15:47:17.950Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
4/9/2020 - 15:47:17.856Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
4/9/2020 - 15:47:17.997Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
4/9/2020 - 15:47:17.997Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
4/9/2020 - 15:47:18.75Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.75Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
4/9/2020 - 15:47:18.75Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.122Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
4/9/2020 - 15:47:18.215Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.262Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.309Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.403Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:18.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:18.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:18.497Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:18.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:18.497Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:18.497Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:18.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:18.497Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:18.497Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:18.497Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:18.497Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:18.497Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:18.497Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:18.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:18.512Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.559Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.559Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.559Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.606Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.606Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.653Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.700Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.700Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:18.747Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:18.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:18.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
4/9/2020 - 15:47:18.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:18.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:18.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:18.793Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:18.793Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:18.809Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:18.809Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
4/9/2020 - 15:47:18.809Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:18.856Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:18.856Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
4/9/2020 - 15:47:18.903Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:18.903Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
4/9/2020 - 15:47:18.903Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:18.950Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.43Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.43Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
4/9/2020 - 15:47:19.43Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.90Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
4/9/2020 - 15:47:19.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
4/9/2020 - 15:47:19.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
4/9/2020 - 15:47:19.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:19.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.153Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:19.153Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:19.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:19.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:19.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
4/9/2020 - 15:47:19.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
4/9/2020 - 15:47:19.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
4/9/2020 - 15:47:19.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:19.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:19.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:19.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
4/9/2020 - 15:47:19.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:19.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:19.262Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:19.262Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:19.309Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:19.309Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:19.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:19.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:19.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:19.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:19.403Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:19.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:19.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:19.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:19.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:19.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:19.684Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:19.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:19.778Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:19.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:19.918Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
4/9/2020 - 15:47:19.872Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
4/9/2020 - 15:47:20.12Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.12Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
4/9/2020 - 15:47:20.12Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.153Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.153Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
4/9/2020 - 15:47:20.153Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.247Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.293Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.340Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:20.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:20.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.387Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:20.387Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:20.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:20.481Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
4/9/2020 - 15:47:20.481Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
4/9/2020 - 15:47:20.528Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.622Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
4/9/2020 - 15:47:20.622Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
4/9/2020 - 15:47:20.622Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.622Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
4/9/2020 - 15:47:20.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.668Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.668Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
4/9/2020 - 15:47:20.715Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
4/9/2020 - 15:47:20.715Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.715Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
4/9/2020 - 15:47:20.715Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.762Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
4/9/2020 - 15:47:20.762Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.762Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
4/9/2020 - 15:47:20.809Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.856Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:47:20.856Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:20.856Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:20.856Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:20.856Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.856Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:47:20.856Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:20.856Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:20.856Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:20.903Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
4/9/2020 - 15:47:20.903Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.903Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.950Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
4/9/2020 - 15:47:20.950Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.997Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:20.997Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:21.43Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:21.43Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:21.43Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:21.90Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:21.137Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:21.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:21.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.247Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.247Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.247Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.247Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.247Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.293Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.293Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.340Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.387Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.481Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.481Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.481Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.481Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.481Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.481Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.481Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.497Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:21.497Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:21.497Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:21.497Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:21.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.497Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.497Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.497Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.497Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:21.512Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.512Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.512Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.512Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.512Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.512Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
4/9/2020 - 15:47:21.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.528Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.528Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.528Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:21.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.528Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.528Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.528Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:21.528Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.528Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
4/9/2020 - 15:47:21.528Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
4/9/2020 - 15:47:21.528Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.575Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.575Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
4/9/2020 - 15:47:21.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.622Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.668Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.762Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.762Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.903Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:21.950Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:21.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.997Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.903Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:21.997Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:21.997Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:22.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:22.90Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:22.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:22.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.231Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.325Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.325Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.325Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.372Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.418Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.418Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.465Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.512Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:22.606Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:22.606Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.653Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.653Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.512Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:22.653Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:22.653Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.653Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:22.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:22.700Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:22.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.700Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.700Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.700Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.700Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:22.700Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.700Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:22.700Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.793Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.793Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.793Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.840Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.887Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:22.887Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:22.887Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.887Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.887Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.887Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.887Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.887Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:22.934Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:22.934Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:22.934Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
4/9/2020 - 15:47:22.934Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.934Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.934Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.934Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.934Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.934Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:22.934Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:22.934Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:22.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en.nlp
4/9/2020 - 15:47:22.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
4/9/2020 - 15:47:22.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:22.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:22.981Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:22.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:22.981Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:22.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:22.981Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:22.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en.nlp
4/9/2020 - 15:47:22.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
4/9/2020 - 15:47:22.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:22.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:22.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:22.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:22.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:22.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.997Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.997Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.997Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.997Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:22.997Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:22.997Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:22.997Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:23.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.90Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:23.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.231Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.278Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.325Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.418Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:23.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:23.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:23.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:23.528Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:23.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:23.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:23.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:23.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:23.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:23.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:23.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:23.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:23.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:23.684Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:23.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:23.778Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.872Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:23.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:23.965Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.122Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.278Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.325Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.418Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.684Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:24.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.778Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.872Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:24.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:24.965Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:25.12Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:25.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:25.106Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:25.153Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:25.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:25.247Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:25.293Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:25.340Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:25.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:25.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:25.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:25.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:25.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:25.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:25.684Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:25.762Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:25.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:25.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:25.903Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:25.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:25.997Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:26.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:26.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.90Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.278Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.278Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.278Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.325Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.418Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.418Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.418Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.606Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.606Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.793Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:26.840Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:26.840Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.840Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.887Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.887Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:26.887Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
4/9/2020 - 15:47:26.934Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.934Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:26.981Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:27.28Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:27.75Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:27.122Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:27.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:27.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:27.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:27.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:27.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:27.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation.resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:27.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:27.184Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:27.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.184Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:27.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:27.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:27.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation.resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:27.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:27.200Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:27.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.200Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.215Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:27.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\shfolder.dll
4/9/2020 - 15:47:27.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
4/9/2020 - 15:47:27.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
4/9/2020 - 15:47:27.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:27.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:27.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:27.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\shfolder.dll
4/9/2020 - 15:47:27.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
4/9/2020 - 15:47:27.262Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
4/9/2020 - 15:47:27.309Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
4/9/2020 - 15:47:27.309Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
4/9/2020 - 15:47:27.309Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:27.309Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:27.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:27.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:27.372Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
4/9/2020 - 15:47:27.372Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
4/9/2020 - 15:47:27.372Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:27.372Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:27.372Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
4/9/2020 - 15:47:27.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:27.387Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
4/9/2020 - 15:47:27.387Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:27.387Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:27.403Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:27.403Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:27.403Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
4/9/2020 - 15:47:27.403Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:27.403Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
4/9/2020 - 15:47:27.403Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:27.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:27.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:27.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:27.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:27.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:27.684Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:27.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:27.778Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:27.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:27.872Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:27.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:27.965Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:28.12Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:28.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:28.106Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:28.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
4/9/2020 - 15:47:28.153Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.153Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
4/9/2020 - 15:47:28.200Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:28.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:28.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
4/9/2020 - 15:47:28.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.200Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:28.215Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
4/9/2020 - 15:47:28.215Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
4/9/2020 - 15:47:28.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:28.262Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:28.262Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:28.309Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:28.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:28.403Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:28.450Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:28.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:28.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:28.590Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:28.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:28.684Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:28.778Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:28.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:28.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:28.997Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:29.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:29.90Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:29.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:29.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:29.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
4/9/2020 - 15:47:29.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.434Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
4/9/2020 - 15:47:29.434Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.497Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.543Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
4/9/2020 - 15:47:29.543Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.575Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
4/9/2020 - 15:47:29.575Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
4/9/2020 - 15:47:29.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:29.762Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:29.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:29.856Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:29.903Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:29.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:30.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:30.90Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:30.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:30.231Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:30.278Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:30.325Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:30.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:30.418Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:30.575Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:30.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:30.747Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:30.809Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:30.856Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:30.903Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:30.950Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:30.997Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:31.43Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:31.90Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:31.137Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:31.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:31.231Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:31.278Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:31.325Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:31.372Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:31.418Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:31.465Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:31.512Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:31.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:31.606Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:31.653Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:31.700Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:31.747Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:31.793Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:31.840Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:31.887Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:31.934Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:31.981Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:32.28Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:32.75Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:32.122Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
4/9/2020 - 15:47:32.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:32.215Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:32.262Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:32.309Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:32.356Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:32.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:32.481Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:32.481Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
4/9/2020 - 15:47:32.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:32.528Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:32.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
4/9/2020 - 15:47:32.528Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.528Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
4/9/2020 - 15:47:32.528Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.528Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
4/9/2020 - 15:47:32.575Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:32.575Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
4/9/2020 - 15:47:32.575Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:32.575Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
4/9/2020 - 15:47:32.668Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:32.668Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
4/9/2020 - 15:47:32.668Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:32.668Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
4/9/2020 - 15:47:32.668Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:32.668Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
4/9/2020 - 15:47:32.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:32.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
4/9/2020 - 15:47:32.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:32.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
4/9/2020 - 15:47:32.668Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:32.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
4/9/2020 - 15:47:32.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:32.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
4/9/2020 - 15:47:32.715Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:32.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:32.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
4/9/2020 - 15:47:32.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:32.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
4/9/2020 - 15:47:32.715Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:32.715Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:32.715Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
4/9/2020 - 15:47:32.715Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:32.715Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
4/9/2020 - 15:47:32.715Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:32.715Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
4/9/2020 - 15:47:32.715Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:32.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
4/9/2020 - 15:47:32.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
4/9/2020 - 15:47:32.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
4/9/2020 - 15:47:32.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
4/9/2020 - 15:47:32.825Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
4/9/2020 - 15:47:32.825Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
4/9/2020 - 15:47:32.825Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
4/9/2020 - 15:47:32.825Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
4/9/2020 - 15:47:32.825Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:32.872Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
4/9/2020 - 15:47:32.872Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.872Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.918Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:32.918Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
4/9/2020 - 15:47:32.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.965Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
4/9/2020 - 15:47:32.965Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:32.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:33.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:33.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:33.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:33.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:33.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:33.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:33.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:33.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:33.43Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:33.43Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
4/9/2020 - 15:47:33.43Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
4/9/2020 - 15:47:33.75Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
4/9/2020 - 15:47:33.75Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.75Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.122Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
4/9/2020 - 15:47:33.122Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.122Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.168Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.168Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
4/9/2020 - 15:47:33.168Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
4/9/2020 - 15:47:33.168Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.168Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
4/9/2020 - 15:47:33.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
4/9/2020 - 15:47:33.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
4/9/2020 - 15:47:33.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
4/9/2020 - 15:47:33.184Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:33.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
4/9/2020 - 15:47:33.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.215Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
4/9/2020 - 15:47:33.215Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
4/9/2020 - 15:47:33.278Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
4/9/2020 - 15:47:33.372Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:33.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
4/9/2020 - 15:47:33.434Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.497Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
4/9/2020 - 15:47:33.512Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
4/9/2020 - 15:47:33.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.512Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.512Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
4/9/2020 - 15:47:33.512Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
4/9/2020 - 15:47:33.512Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
4/9/2020 - 15:47:33.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.512Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
4/9/2020 - 15:47:33.559Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.622Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
4/9/2020 - 15:47:33.622Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
4/9/2020 - 15:47:33.637Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.637Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.700Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
4/9/2020 - 15:47:33.715Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.715Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.715Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
4/9/2020 - 15:47:33.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:33.809Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.809Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.809Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.809Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
4/9/2020 - 15:47:33.809Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.809Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.809Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
4/9/2020 - 15:47:33.809Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
4/9/2020 - 15:47:33.840Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:33.950Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:33.997Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Management.resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:33.997Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:33.997Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:33.997Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:33.997Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:33.997Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.12Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.59Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Management.resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.59Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.59Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.59Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.59Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.106Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.106Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.106Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.153Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.153Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.153Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.153Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.153Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.153Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.153Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.153Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.153Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.168Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.168Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:34.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\secur32.dll
4/9/2020 - 15:47:34.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\secur32.dll
4/9/2020 - 15:47:34.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
4/9/2020 - 15:47:34.200Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
4/9/2020 - 15:47:34.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:34.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.200Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.247Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\secur32.dll
4/9/2020 - 15:47:34.247Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\secur32.dll
4/9/2020 - 15:47:34.247Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
4/9/2020 - 15:47:34.247Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
4/9/2020 - 15:47:34.262Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.309Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:34.684Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:34.731Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:34.731Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:34.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:34.731Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:34.731Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
4/9/2020 - 15:47:34.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:34.778Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:34.825Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.825Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:34.872Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/9/2020 - 15:47:34.918Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:34.965Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:34.965Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.Security.resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.965Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.981Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.981Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.981Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.Security.resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.981Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.981Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.997Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.997Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.997Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.997Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.997Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.997Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.997Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.997Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.997Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.997Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
4/9/2020 - 15:47:34.997Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.997Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.997Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.997Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.997Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:34.997Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:35.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.106Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.106Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.106Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.168Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.184Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.184Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:35.184Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:35.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:35.184Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:35.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.184Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.184Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.184Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.184Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.184Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.184Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:35.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:35.200Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:35.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:35.200Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
4/9/2020 - 15:47:35.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.200Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.200Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.200Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.200Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.200Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.247Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.247Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.247Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:35.293Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.293Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:35.293Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:35.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:35.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:35.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:35.434Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:35.590Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:35.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
4/9/2020 - 15:47:35.684Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:35.731Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:35.793Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:35.981Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
4/9/2020 - 15:47:35.981Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
4/9/2020 - 15:47:36.184Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.184Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
4/9/2020 - 15:47:36.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.231Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.325Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.325Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
4/9/2020 - 15:47:36.325Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.418Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.559Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.606Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.653Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.840Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.934Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:36.981Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.28Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.28Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.75Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.122Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:37.168Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:37.168Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.168Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:37.168Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
4/9/2020 - 15:47:37.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.215Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.262Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.309Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.356Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/9/2020 - 15:47:37.356Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/9/2020 - 15:47:37.403Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.450Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.543Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.590Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.684Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.731Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/9/2020 - 15:47:37.731Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/9/2020 - 15:47:37.731Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.731Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/9/2020 - 15:47:37.731Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.731Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/9/2020 - 15:47:37.731Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:47:37.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:37.747Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:37.747Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:37.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.747Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.793Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/9/2020 - 15:47:37.793Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/9/2020 - 15:47:37.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.793Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.793Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/9/2020 - 15:47:37.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.793Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.793Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/9/2020 - 15:47:37.793Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.793Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:47:37.793Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:37.793Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:37.793Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:37.793Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:37.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:37.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:37.809Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:37.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:37.825Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:37.840Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.887Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.887Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.887Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.934Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.981Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:37.981Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.28Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.75Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.122Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.168Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.215Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.262Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.309Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.356Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.403Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.450Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.497Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.543Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.590Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.637Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:38.762Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1
4/9/2020 - 15:47:38.762Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1
4/9/2020 - 15:47:38.762Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\profile.ps1
4/9/2020 - 15:47:38.762Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
4/9/2020 - 15:47:38.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1
4/9/2020 - 15:47:38.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1
4/9/2020 - 15:47:38.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\profile.ps1
4/9/2020 - 15:47:38.778Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
4/9/2020 - 15:47:38.872Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:38.997Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:39.122Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:39.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:39.356Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en-us.nlp
4/9/2020 - 15:47:39.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:39.434Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en-us.nlp
4/9/2020 - 15:47:39.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/9/2020 - 15:47:39.543Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/9/2020 - 15:47:39.543Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/9/2020 - 15:47:39.590Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/9/2020 - 15:47:39.590Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/9/2020 - 15:47:39.497Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/9/2020 - 15:47:39.684Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/9/2020 - 15:47:39.684Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/9/2020 - 15:47:39.731Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:39.731Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/9/2020 - 15:47:39.731Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:39.778Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:39.872Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:39.872Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/9/2020 - 15:47:39.872Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:39.918Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:39.965Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:40.12Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/9/2020 - 15:47:40.12Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/9/2020 - 15:47:40.12Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/9/2020 - 15:47:40.12Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/9/2020 - 15:47:40.12Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:40.12Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/9/2020 - 15:47:40.12Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:40.12Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:40.12Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:40.12Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/9/2020 - 15:47:40.28Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:40.12Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/9/2020 - 15:47:40.28Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:40.28Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/9/2020 - 15:47:40.43Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/9/2020 - 15:47:40.43Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:40.43Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/9/2020 - 15:47:40.43Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:40.43Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.43Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.75Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.75Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.137Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:40.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
4/9/2020 - 15:47:40.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.137Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.137Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.153Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
4/9/2020 - 15:47:40.325Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
4/9/2020 - 15:47:40.372Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
4/9/2020 - 15:47:40.372Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.372Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
4/9/2020 - 15:47:40.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.465Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.465Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
4/9/2020 - 15:47:40.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.559Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.606Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.606Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.653Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
4/9/2020 - 15:47:40.653Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.653Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.653Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
4/9/2020 - 15:47:40.653Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.700Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:47:40.700Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:40.700Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:40.700Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:40.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.700Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
4/9/2020 - 15:47:40.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:40.747Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:40.747Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:40.747Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.793Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.840Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.887Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:40.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb
4/9/2020 - 15:47:40.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/9/2020 - 15:47:40.887Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
4/9/2020 - 15:47:40.887Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\symbols\dll\System.Management.Automation.pdb
4/9/2020 - 15:47:40.887Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\dll\System.Management.Automation.pdb
4/9/2020 - 15:47:40.887Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System.Management.Automation.pdb
4/9/2020 - 15:47:40.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:40.887Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Read516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.887Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb
4/9/2020 - 15:47:40.887Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\symbols\dll\System.Management.Automation.pdb
4/9/2020 - 15:47:40.887Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\dll\System.Management.Automation.pdb
4/9/2020 - 15:47:40.887Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System.Management.Automation.pdb
4/9/2020 - 15:47:40.887Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:40.981Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:41.43Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:41.90Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:41.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:41.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:41.231Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:41.278Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:41.325Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:41.372Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:41.418Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:41.465Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:41.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:41.637Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:42.75Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:42.137Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:42.184Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:42.200Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:42.278Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
4/9/2020 - 15:47:42.356Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/9/2020 - 15:47:42.512Read2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/9/2020 - 15:47:42.668Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2424.1178828
4/9/2020 - 15:47:42.668Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2424.1178828
4/9/2020 - 15:47:42.668Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2424.1178828
4/9/2020 - 15:47:42.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.516.1202234
4/9/2020 - 15:47:42.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.516.1202234
4/9/2020 - 15:47:42.668Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.516.1202234
4/9/2020 - 15:47:42.762Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\netutils.dll
4/9/2020 - 15:47:42.762Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\netutils.dll
4/9/2020 - 15:47:42.762Open2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\netutils.dll
4/9/2020 - 15:47:42.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\netutils.dll
4/9/2020 - 15:47:42.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\netutils.dll
4/9/2020 - 15:47:42.762Open516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\netutils.dll
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:42.903Unknown2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.muipowershell.exe.mui
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/9/2020 - 15:47:42.981Unknown516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc

Process
Trace
4/9/2020 - 15:45:42.981Create1480C:\malware.exe1488C:\Monitor\proc.exe
4/9/2020 - 15:46:33.387Create1488C:\Monitor\proc.exe2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:46:33.481Create1488C:\Monitor\proc.exe2428C:\ProgramData\WARZONE.exe
4/9/2020 - 15:46:33.637Terminate1480C:\malware.exe1488C:\Monitor\proc.exe
4/9/2020 - 15:47:9.559Create2428C:\ProgramData\WARZONE.exe516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:47:9.590Create2428C:\ProgramData\WARZONE.exe2944C:\Windows\SysWOW64\cmd.exe
4/9/2020 - 15:47:42.903Terminate1488C:\Monitor\proc.exe2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
4/9/2020 - 15:47:42.981Terminate2428C:\ProgramData\WARZONE.exe516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Analysis
Reason
Finished

Status
Sucessfully Executed

Results
1

Registry
Trace
4/9/2020 - 15:46:30.684Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\ActiveMovie\devenumVersion
4/9/2020 - 15:46:32.637Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsMaxConnectionsPer1_0Server
4/9/2020 - 15:46:32.637Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsMaxConnectionsPerServer
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HL3VHWL4XIinst
4/9/2020 - 15:46:33.418Write1488C:\Monitor\proc.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunFile
4/9/2020 - 15:46:34.403Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.403Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.403Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.418Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.434Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.450Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.450Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.450Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.450Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.450Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.450Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.450Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.450Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:34.450Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:36.106Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:37.215Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:46:37.215Write2424C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:9.59Write2428C:\ProgramData\WARZONE.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsMaxConnectionsPer1_0Server
4/9/2020 - 15:47:9.59Write2428C:\ProgramData\WARZONE.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsMaxConnectionsPerServer
4/9/2020 - 15:47:10.215Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.215Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.215Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.231Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.247Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.247Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.247Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.247Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020 - 15:47:10.247Write516C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
4/9/2020