Report #11076
- Creation Date: Sept. 7, 2020, 8:18 p.m.
- Last Update: Sept. 7, 2020, 8:31 p.m.
- File: 003
- Results:
Binary
- DLL: False
- Size: 115.50KB
- trid: 61.7% Win64 Executable, 14.7% Win32 Dynamic Link Library, 10.0% Win32 Executable, 4.5% OS/2 Executable, 4.4% Generic Win/DOS Executable
- type: PE
- wordsize: 0
- Subsystem: unknown
Community
- Google: False
- HashLib: False
YARA
- Matches: domain, HasRichSignature, contentis_base64, RijnDael_AES, maldoc_find_kernel32_base_method_1, CRC32_poly_Constant, IsPE32, IsWindowsGUI
- Suspicious: True
Foremost
- Matches: 0.exe, 115 KB
- Suspicious: True
Heuristics
IPs
- hasIPs: False
- Allowed: (empty)
- Suspicious: (empty)
- hasAllowed: False
- hasSuspicious: False
URLs
- Allowed: (empty)
- hasURLs: False
- Suspicious: (empty)
- hasAllowed: False
- hasSuspicious: False
Files
- Allowed: KERNEL32.dll
- hasFiles: True
- Suspicious: (empty)
- hasAllowed: True
- hasSuspicious: False
Binary
Sizes
- RVA: 16 (Suspicious: False)
- CodeSize: 72704 (Suspicious: False)
- ImageAddress: 4194304 (Suspicious: False)
- Stack: 4096 (Suspicious: False)
- Headers: 1024 (Suspicious: False)
- Suspicious: False
Symbols
- Number: 0 (Suspicious: True)
- Pointer: 0 (Suspicious: True)
- Directories Number: 16 (Suspicious: False)
Checksum
- Value: 0
- Suspicious: True
Sections
- Allowed: .text, .rdata, .data, .0lgfxz, .reloc
- Suspicious: (empty)
- hasAllowed: True
- hasSections: True
- hasSuspicious: False
Versions
- OSVersion: 5 (Suspicious: False)
- ImageVersion: True (Suspicious: 5)
- LinkerVersion: 14.0 (Suspicious: False)
- SubsystemVersion: 5.1 (Suspicious: False)
- Suspicious: False
EntryPoint
- Address: 16028
- Suspicious: False
Anomalies
- Anomalies: The header checksum and the calculated checksum do not match.
- hasAnomalies: True
Libraries
- Allowed: kernel32.dll
- hasLibs: True
- Suspicious: (empty)
- hasAllowed: True
- hasSuspicious: False
Timestamp
- Past: False
- Valid: True
- Value: 2020-05-08 12:47:59
- Future: False
Compilation
- Packed: False
- Missing: True
- Packers: (empty)
- Compiled: False
- Compilers: (empty)
Obfuscation
- XOR: False
- Fuzzing: False
PEDetector
- Matches: None
- Suspicious: False
Disassembly
- hasTricks: True
Tricks
- ldr: .text: 1
- pushret: .data: 21, .rdata: 5
- pushpopmath: .data: 14, .text: 4, .rdata: 1, .reloc: 1
- ss register: .data: 1
- garbagebytes: .data: 10, .rdata: 2
- software breakpoint: .data: 1, .reloc: 1
- programcontrolflowchange: .data: 10, .rdata: 2
AVclass
- sodinokibi: 1
VirusTotal
- md5: 69c242ee355cf2103f327fabc8a08fb8
- sha1: ae0379b27d3810a589a316f1ab82ba97a76e2fbf
SCANS (DETECTION RATE = 81.94%)
- AVG | result: Win32:Malware-gen | update: 20200805 | version: 18.4.3895.0 | detected: True
- CMC | update: 20200805 | version: 2.7.2019.1 | detected: False
- MAX | result: malware (ai score=100) | update: 20200805 | version: 2019.9.16.1 | detected: True
- APEX | result: Malicious | update: 20200804 | version: 6.56 | detected: True
- Bkav | update: 20200805 | version: 1.3.0.9899 | detected: False
- K7GW | result: Trojan ( 0054d99c1 ) | update: 20200805 | version: 11.127.34901 | detected: True
- ALYac | result: Trojan.Ransom.Sodinokibi | update: 20200805 | version: 1.1.1.5 | detected: True
- Avast | result: Win32:Malware-gen | update: 20200805 | version: 18.4.3895.0 | detected: True
- Avira | result: TR/Crypt.XPACK.Gen | update: 20200805 | version: 8.3.3.8 | detected: True
- Baidu | update: 20190318 | version: 1.0.0.2 | detected: False
- Cynet | result: Malicious (score: 100) | update: 20200805 | version: 4.0.0.24 | detected: True
- Cyren | result: W32/Kryptik.AKW.gen!Eldorado | update: 20200805 | version: 6.3.0.2 | detected: True
- DrWeb | result: Trojan.Encoder.28004 | update: 20200805 | version: 7.0.46.3050 | detected: True
- GData | result: DeepScan:Generic.Ransom.Sodinokibi.FE9FF902 | update: 20200805 | version: A:25.26484B:27.19695 | detected: True
- Panda | result: Trj/GdSda.A | update: 20200805 | version: 4.6.4.2 | detected: True
- VBA32 | result: BScope.Trojan.DelShad | update: 20200805 | version: 4.4.1 | detected: True
- VIPRE | update: 20200805 | version: 85718 | detected: False
- Zoner | update: 20200805 | version: 0.0.0.0 | detected: False
- ClamAV | result: Win.Ransomware.Sodinokibi-7013612-0 | update: 20200805 | version: 0.102.4.0 | detected: True
- Comodo | result: Malware@#3vdq534lc68gs | update: 20200728 | version: 32668 | detected: True
- F-Prot | result: W32/Kryptik.AKW.gen!Eldorado | update: 20200805 | version: 4.7.1.166 | detected: True
- Ikarus | result: Trojan-Ransom.Sodinokibi | update: 20200805 | version: 0.1.5.2 | detected: True
- McAfee | result: Ransom-Sodnkibi!69C242EE355C | update: 20200805 | version: 6.0.6.653 | detected: True
- Rising | result: Ransom.Sodin!8.10CD8 (CLOUD) | update: 20200805 | version: 25.0.0.26 | detected: True
- Sophos | result: Troj/Sodino-BU | update: 20200805 | version: 4.98.0 | detected: True
- Yandex | result: Trojan.Filecoder!D4ko3vclm2c | update: 20200707 | version: 5.5.2.24 | detected: True
- Zillya | result: Trojan.Filecoder.Win32.14505 | update: 20200805 | version: 2.0.0.4148 | detected: True
- Acronis | result: suspicious | update: 20200603 | version: 1.1.1.76 | detected: True
- Alibaba | result: Ransom:Win32/Sodinokibi.cd33c3d7 | update: 20190527 | version: 0.3.0.5 | detected: True
- Arcabit | result: DeepScan:Generic.Ransom.Sodinokibi.FE9FF902 | update: 20200805 | version: 1.0.0.877 | detected: True
- Cylance | result: Unsafe | update: 20200805 | version: 2.3.1.101 | detected: True
- Endgame | result: malicious (high confidence) | update: 20200727 | version: 4.0.6 | detected: True
- FireEye | result: Generic.mg.69c242ee355cf210 | update: 20200805 | version: 32.36.1.0 | detected: True
- Sangfor | result: Malware | update: 20200423 | version: 1.0 | detected: True
- TACHYON | update: 20200805 | version: 2020-08-05.02 | detected: False
- Tencent | result: Malware.Win32.Gencirc.10cdd51f | update: 20200805 | version: 1.0.0.1 | detected: True
- ViRobot | update: 20200805 | version: 2014.3.20.0 | detected: False
- Webroot | result: W32.Ransom.Sodinokibi | update: 20200805 | version: 1.0.0.403 | detected: True
- eGambit | update: 20200805 | detected: False
- Ad-Aware | result: DeepScan:Generic.Ransom.Sodinokibi.FE9FF902 | update: 20200805 | version: 3.0.5.370 | detected: True
- AegisLab | result: Trojan.Win32.Gen.j!c | update: 20200805 | version: 4.2 | detected: True
- Emsisoft | result: DeepScan:Generic.Ransom.Sodinokibi.FE9FF902 (B) | update: 20200805 | version: 2018.12.0.1641 | detected: True
- F-Secure | result: Trojan.TR/Crypt.XPACK.Gen | update: 20200805 | version: 12.0.86.52 | detected: True
- Fortinet | result: W32/Sodinokibi.B!tr.ransom | update: 20200805 | version: 6.2.142.0 | detected: True
- Invincea | result: heuristic | update: 20200502 | version: 6.3.6.26157 | detected: True
- Jiangmin | update: 20200805 | version: 16.0.100 | detected: False
- Kingsoft | update: 20200805 | version: 2013.8.14.323 | detected: False
- Paloalto | result: generic.ml | update: 20200805 | version: 1.0 | detected: True
- Symantec | result: Ransom.Sodinokibi | update: 20200805 | version: 1.11.0.0 | detected: True
- Trapmine | result: malicious.high.ml.score | update: 20200727 | version: 3.5.0.1023 | detected: True
- AhnLab-V3 | result: Trojan/Win32.RL_Ransom.R290570 | update: 20200805 | version: 3.18.1.10026 | detected: True
- Antiy-AVL | result: Trojan[Ransom]/Win32.Gen | update: 20200805 | version: 3.0.0.1 | detected: True
- Kaspersky | result: HEUR:Trojan-Ransom.Win32.Gen.gen | update: 20200805 | version: 15.0.1.13 | detected: True
- Microsoft | result: Ransom:Win32/Sodinokibi.DSB!MTB | update: 20200805 | version: 1.1.17300.4 | detected: True
- Qihoo-360 | result: Win32/Trojan.Ransom.fb6 | update: 20200805 | version: 1.0.0.1120 | detected: True
- ZoneAlarm | result: HEUR:Trojan-Ransom.Win32.Gen.gen | update: 20200805 | version: 1.0 | detected: True
- Cybereason | result: malicious.e355cf | update: 20190616 | version: 1.2.449 | detected: True
- ESET-NOD32 | result: a variant of Win32/Filecoder.Sodinokibi.B | update: 20200805 | version: 21771 | detected: True
- TrendMicro | result: Ransom.Win32.SODINOKIB.SMTH | update: 20200805 | version: 11.0.0.1006 | detected: True
- BitDefender | result: DeepScan:Generic.Ransom.Sodinokibi.FE9FF902 | update: 20200805 | version: 7.2 | detected: True
- CrowdStrike | result: win/malicious_confidence_90% (W) | update: 20190702 | version: 1.0 | detected: True
- K7AntiVirus | result: Trojan ( 0054d99c1 ) | update: 20200805 | version: 11.128.34908 | detected: True
- SentinelOne | result: DFI - Malicious PE | update: 20200725 | version: 4.4.0.0 | detected: True
- Avast-Mobile | update: 20200805 | version: 200805-00 | detected: False
- Malwarebytes | result: Ransom.Sodinokibi | update: 20200805 | version: 3.6.4.335 | detected: True
- TotalDefense | update: 20200804 | version: 37.1.62.1 | detected: False
- CAT-QuickHeal | result: Trojanransom.Gen | update: 20200805 | version: 14.00 | detected: True
- NANO-Antivirus | result: Virus.Win32.Gen.ccmw | update: 20200805 | version: 1.0.134.25119 | detected: True
- BitDefenderTheta | result: AI:Packer.59A870CF1E | update: 20200805 | version: 7.2.37796.0 | detected: True
- MicroWorld-eScan | result: DeepScan:Generic.Ransom.Sodinokibi.FE9FF902 | update: 20200805 | version: 14.0.409.0 | detected: True
- SUPERAntiSpyware | update: 20200731 | version: 5.6.0.1032 | detected: False
- TrendMicro-HouseCall | result: Ransom.Win32.SODINOKIB.SMTH | update: 20200805 | version: 10.0.0.1040 | detected: True
- total: 72
- sha256: 2af156b23d936ece676fa3ad220672970547f5e3218d2359d2596e47a5bf5d3b
- scan_id: 2af156b23d936ece676fa3ad220672970547f5e3218d2359d2596e47a5bf5d3b-1596653897
- resource: 69c242ee355cf2103f327fabc8a08fb8
- positives: 59
- scan_date: 2020-08-05 18:58:17
- verbose_msg: Scan finished, information embedded
- response_code: 1
File
Trace
7/9/2020 - 19:45:45.553 | Open | 1480 | C:\malware.exe | C:\ | |
7/9/2020 - 19:45:45.554 | Unknown | 1480 | C:\malware.exe | C:\ | |
7/9/2020 - 19:45:45.559 | Open | 1480 | C:\malware.exe | C:\ | |
7/9/2020 - 19:45:45.559 | Unknown | 1480 | C:\malware.exe | C:\ | |
7/9/2020 - 19:45:45.597 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll | |
7/9/2020 - 19:45:45.598 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll | |
7/9/2020 - 19:45:45.728 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemprox.dll | |
7/9/2020 - 19:45:45.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemprox.dll | |
7/9/2020 - 19:45:45.736 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemcomn.dll | |
7/9/2020 - 19:45:45.736 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbemcomn.dll | |
7/9/2020 - 19:45:45.740 | Open | 1480 | C:\malware.exe | C:\powershell.exe | |
7/9/2020 - 19:45:45.741 | Open | 1480 | C:\malware.exe | C:\Monitor\powershell.exe | |
7/9/2020 - 19:45:45.741 | Open | 1480 | C:\malware.exe | C:\Windows\System32\powershell.exe | |
7/9/2020 - 19:45:45.741 | Open | 1480 | C:\malware.exe | C:\Windows\system\powershell.exe | |
7/9/2020 - 19:45:45.742 | Open | 1480 | C:\malware.exe | C:\Windows\powershell.exe | |
7/9/2020 - 19:45:45.742 | Open | 1480 | C:\malware.exe | C:\Windows\System32\powershell.exe | |
7/9/2020 - 19:45:45.742 | Open | 1480 | C:\malware.exe | C:\Windows\powershell.exe | |
7/9/2020 - 19:45:45.742 | Open | 1480 | C:\malware.exe | C:\Windows\System32\wbem\powershell.exe | |
7/9/2020 - 19:45:45.742 | Open | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | |
7/9/2020 - 19:45:45.743 | Unknown | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe |
7/9/2020 - 19:45:45.743 | Open | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | |
7/9/2020 - 19:45:45.743 | Unknown | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe |
7/9/2020 - 19:45:45.743 | Open | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | |
7/9/2020 - 19:45:45.745 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbemcomn.dll | |
7/9/2020 - 19:45:45.754 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\Logs | |
7/9/2020 - 19:45:45.756 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\Logs | |
7/9/2020 - 19:45:45.757 | Open | 1480 | C:\malware.exe | C:\CRYPTSP.dll | |
7/9/2020 - 19:45:45.758 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll | |
7/9/2020 - 19:45:45.758 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll | |
7/9/2020 - 19:45:45.759 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
7/9/2020 - 19:45:45.759 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
7/9/2020 - 19:45:45.760 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
7/9/2020 - 19:45:45.760 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
7/9/2020 - 19:45:45.760 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
7/9/2020 - 19:45:45.761 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
7/9/2020 - 19:45:45.761 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
7/9/2020 - 19:45:45.761 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
7/9/2020 - 19:45:45.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
7/9/2020 - 19:45:45.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
7/9/2020 - 19:45:45.768 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
7/9/2020 - 19:45:45.768 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
7/9/2020 - 19:45:45.770 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | |
7/9/2020 - 19:45:45.770 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls |
7/9/2020 - 19:45:45.771 | Open | 1480 | C:\malware.exe | C:\RpcRtRemote.dll | |
7/9/2020 - 19:45:45.771 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | |
7/9/2020 - 19:45:45.771 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll |
7/9/2020 - 19:45:45.771 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | |
7/9/2020 - 19:45:45.772 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll |
7/9/2020 - 19:45:45.772 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll | |
7/9/2020 - 19:45:45.773 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll | |
7/9/2020 - 19:45:45.774 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\AppPatch64\sysmain.sdb | |
7/9/2020 - 19:45:45.774 | Open | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:45:45.774 | Unknown | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:45:45.775 | Open | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | |
7/9/2020 - 19:45:45.775 | Unknown | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe |
7/9/2020 - 19:45:45.775 | Open | 1480 | C:\malware.exe | C:\ | |
7/9/2020 - 19:45:45.775 | Unknown | 1480 | C:\malware.exe | C:\ | |
7/9/2020 - 19:45:45.775 | Open | 1480 | C:\malware.exe | C:\Windows | |
7/9/2020 - 19:45:45.775 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
7/9/2020 - 19:45:45.775 | Open | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell | |
7/9/2020 - 19:45:45.776 | Unknown | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell | |
7/9/2020 - 19:45:45.778 | Unknown | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe |
7/9/2020 - 19:45:45.863 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Prefetch\POWERSHELL.EXE-920BBA2A.pf | |
7/9/2020 - 19:45:45.864 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:45:46.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemsvc.dll | |
7/9/2020 - 19:45:46.44 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemsvc.dll | |
7/9/2020 - 19:45:46.60 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\fastprox.dll | |
7/9/2020 - 19:45:46.69 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\fastprox.dll | |
7/9/2020 - 19:45:46.87 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\sechost.dll | |
7/9/2020 - 19:45:46.87 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\sechost.dll | |
7/9/2020 - 19:45:46.90 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\ATL.DLL | |
7/9/2020 - 19:45:46.91 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\atl.dll | |
7/9/2020 - 19:45:46.91 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\atl.dll | |
7/9/2020 - 19:45:46.93 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\mscoree.dll | |
7/9/2020 - 19:45:46.93 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\mscoree.dll | |
7/9/2020 - 19:45:46.93 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\mscoree.dll | |
7/9/2020 - 19:45:46.95 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\NTDSAPI.dll | |
7/9/2020 - 19:45:46.97 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntdsapi.dll | |
7/9/2020 - 19:45:46.97 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\imm32.dll | |
7/9/2020 - 19:45:46.98 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\imm32.dll | |
7/9/2020 - 19:45:46.98 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\imm32.dll | |
7/9/2020 - 19:45:46.98 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\imm32.dll | |
7/9/2020 - 19:45:46.98 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\imm32.dll | |
7/9/2020 - 19:45:46.99 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\imm32.dll | |
7/9/2020 - 19:45:46.100 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui | |
7/9/2020 - 19:45:46.101 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntdsapi.dll | |
7/9/2020 - 19:45:46.104 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rpcss.dll | |
7/9/2020 - 19:45:46.104 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rpcss.dll | |
7/9/2020 - 19:45:46.104 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rpcss.dll | |
7/9/2020 - 19:45:46.105 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rpcss.dll | |
7/9/2020 - 19:45:46.105 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\CRYPTBASE.dll | |
7/9/2020 - 19:45:46.105 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\cryptbase.dll | |
7/9/2020 - 19:45:46.105 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\cryptbase.dll | cryptbase.dll |
7/9/2020 - 19:45:46.105 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\cryptbase.dll | |
7/9/2020 - 19:45:46.106 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\cryptbase.dll | cryptbase.dll |
7/9/2020 - 19:45:46.106 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\uxtheme.dll | |
7/9/2020 - 19:45:46.106 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\uxtheme.dll | |
7/9/2020 - 19:45:46.151 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\shell32.dll | |
7/9/2020 - 19:45:46.152 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\shell32.dll | |
7/9/2020 - 19:45:46.155 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\shell32.dll | |
7/9/2020 - 19:45:46.156 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local | |
7/9/2020 - 19:45:46.156 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 | |
7/9/2020 - 19:45:46.156 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 | |
7/9/2020 - 19:45:46.157 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 | |
7/9/2020 - 19:45:46.157 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll | |
7/9/2020 - 19:45:46.157 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll | |
7/9/2020 - 19:45:46.157 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll | |
7/9/2020 - 19:45:46.157 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll | |
7/9/2020 - 19:45:46.158 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\WindowsShell.Manifest | |
7/9/2020 - 19:45:46.158 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest |
7/9/2020 - 19:45:46.160 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | |
7/9/2020 - 19:45:46.160 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls |
7/9/2020 - 19:45:46.160 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup | |
7/9/2020 - 19:45:46.160 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup | |
7/9/2020 - 19:45:46.161 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup | |
7/9/2020 - 19:45:46.161 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup | |
7/9/2020 - 19:45:46.162 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | |
7/9/2020 - 19:45:46.162 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe |
7/9/2020 - 19:45:46.162 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.162 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.162 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.162 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.162 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell | |
7/9/2020 - 19:45:46.162 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell | |
7/9/2020 - 19:45:46.164 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu | |
7/9/2020 - 19:45:46.164 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu | |
7/9/2020 - 19:45:46.165 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.165 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.166 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\propsys.dll | |
7/9/2020 - 19:45:46.166 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\propsys.dll | |
7/9/2020 - 19:45:46.166 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches | |
7/9/2020 - 19:45:46.166 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db | |
7/9/2020 - 19:45:46.166 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches | |
7/9/2020 - 19:45:46.166 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db | |
7/9/2020 - 19:45:46.167 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db | |
7/9/2020 - 19:45:46.167 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\desktop.ini | |
7/9/2020 - 19:45:46.167 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\desktop.ini | |
7/9/2020 - 19:45:46.168 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users | |
7/9/2020 - 19:45:46.169 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users | |
7/9/2020 - 19:45:46.169 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:46.169 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:46.169 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData | |
7/9/2020 - 19:45:46.169 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData | |
7/9/2020 - 19:45:46.169 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming | |
7/9/2020 - 19:45:46.170 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming | |
7/9/2020 - 19:45:46.170 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini | |
7/9/2020 - 19:45:46.170 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
7/9/2020 - 19:45:46.170 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
7/9/2020 - 19:45:46.170 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
7/9/2020 - 19:45:46.170 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
7/9/2020 - 19:45:46.170 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | |
7/9/2020 - 19:45:46.171 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | |
7/9/2020 - 19:45:46.171 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\Desktop\desktop.ini | |
7/9/2020 - 19:45:46.171 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\Desktop\desktop.ini | |
7/9/2020 - 19:45:46.175 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs | |
7/9/2020 - 19:45:46.175 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs | |
7/9/2020 - 19:45:46.175 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.175 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.176 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users | |
7/9/2020 - 19:45:46.176 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users | |
7/9/2020 - 19:45:46.176 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:46.176 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:46.176 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData | |
7/9/2020 - 19:45:46.176 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData | |
7/9/2020 - 19:45:46.176 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming | |
7/9/2020 - 19:45:46.177 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming | |
7/9/2020 - 19:45:46.177 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
7/9/2020 - 19:45:46.177 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
7/9/2020 - 19:45:46.177 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
7/9/2020 - 19:45:46.177 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
7/9/2020 - 19:45:46.177 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu | |
7/9/2020 - 19:45:46.177 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu | |
7/9/2020 - 19:45:46.178 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | |
7/9/2020 - 19:45:46.178 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | |
7/9/2020 - 19:45:46.178 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu | |
7/9/2020 - 19:45:46.179 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu | |
7/9/2020 - 19:45:46.179 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.179 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.179 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData | |
7/9/2020 - 19:45:46.179 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData | |
7/9/2020 - 19:45:46.179 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\desktop.ini | |
7/9/2020 - 19:45:46.183 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft | |
7/9/2020 - 19:45:46.186 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft | |
7/9/2020 - 19:45:46.186 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows | |
7/9/2020 - 19:45:46.187 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows | |
7/9/2020 - 19:45:46.187 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini | |
7/9/2020 - 19:45:46.187 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini | |
7/9/2020 - 19:45:46.277 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs | |
7/9/2020 - 19:45:46.277 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs | |
7/9/2020 - 19:45:46.280 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.287 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.287 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData | |
7/9/2020 - 19:45:46.287 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData | |
7/9/2020 - 19:45:46.288 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft | |
7/9/2020 - 19:45:46.288 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft | |
7/9/2020 - 19:45:46.288 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows | |
7/9/2020 - 19:45:46.288 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows | |
7/9/2020 - 19:45:46.289 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu | |
7/9/2020 - 19:45:46.289 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu | |
7/9/2020 - 19:45:46.289 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | |
7/9/2020 - 19:45:46.289 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | |
7/9/2020 - 19:45:46.290 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\Desktop | |
7/9/2020 - 19:45:46.290 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\Desktop | |
7/9/2020 - 19:45:46.290 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.290 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.291 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users | |
7/9/2020 - 19:45:46.291 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users | |
7/9/2020 - 19:45:46.291 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:46.291 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:46.291 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Public\Desktop | |
7/9/2020 - 19:45:46.291 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Public\Desktop | |
7/9/2020 - 19:45:46.291 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.291 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.291 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users | |
7/9/2020 - 19:45:46.292 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users | |
7/9/2020 - 19:45:46.292 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Public\desktop.ini | |
7/9/2020 - 19:45:46.292 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Public\desktop.ini | |
7/9/2020 - 19:45:46.292 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Public | |
7/9/2020 - 19:45:46.293 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Public | |
7/9/2020 - 19:45:46.293 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Public\Desktop\desktop.ini | |
7/9/2020 - 19:45:46.293 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Public\Desktop\desktop.ini | |
7/9/2020 - 19:45:46.294 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\apphelp.dll | |
7/9/2020 - 19:45:46.294 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\apphelp.dll | |
7/9/2020 - 19:45:46.295 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\apphelp.dll | |
7/9/2020 - 19:45:46.296 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\gameux.dll | |
7/9/2020 - 19:45:46.297 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\gameux.dll | |
7/9/2020 - 19:45:46.297 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\gameux.dll | |
7/9/2020 - 19:45:46.298 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\gameux.dll | |
7/9/2020 - 19:45:46.298 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local | |
7/9/2020 - 19:45:46.298 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 | |
7/9/2020 - 19:45:46.299 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 | |
7/9/2020 - 19:45:46.299 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 | |
7/9/2020 - 19:45:46.299 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local | |
7/9/2020 - 19:45:46.299 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8 | |
7/9/2020 - 19:45:46.300 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8 | |
7/9/2020 - 19:45:46.300 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8 | |
7/9/2020 - 19:45:46.300 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8\GdiPlus.dll | |
7/9/2020 - 19:45:46.300 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8\GdiPlus.dll | |
7/9/2020 - 19:45:46.353 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\xmllite.dll | |
7/9/2020 - 19:45:46.354 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\xmllite.dll | |
7/9/2020 - 19:45:46.355 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wer.dll | |
7/9/2020 - 19:45:46.355 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wer.dll | |
7/9/2020 - 19:45:46.358 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\gameux.dll | |
7/9/2020 - 19:45:46.443 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\gameux.dll | |
7/9/2020 - 19:45:46.444 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\gameux.dll | |
7/9/2020 - 19:45:46.444 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\gameux.dll | |
7/9/2020 - 19:45:46.445 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\gameux.dll | |
7/9/2020 - 19:45:46.445 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\gameux.dll | |
7/9/2020 - 19:45:46.446 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\gameux.dll | |
7/9/2020 - 19:45:46.447 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\gameux.dll | |
7/9/2020 - 19:45:46.447 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\gameux.dll | |
7/9/2020 - 19:45:46.448 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\gameux.dll | |
7/9/2020 - 19:45:46.448 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\gameux.dll | |
7/9/2020 - 19:45:46.449 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\gameux.dll | |
7/9/2020 - 19:45:46.450 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned | |
7/9/2020 - 19:45:46.450 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned | |
7/9/2020 - 19:45:46.450 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.451 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.451 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users | |
7/9/2020 - 19:45:46.451 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users | |
7/9/2020 - 19:45:46.451 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:46.451 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:46.451 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData | |
7/9/2020 - 19:45:46.452 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData | |
7/9/2020 - 19:45:46.452 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming | |
7/9/2020 - 19:45:46.452 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming | |
7/9/2020 - 19:45:46.452 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
7/9/2020 - 19:45:46.452 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
7/9/2020 - 19:45:46.454 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer | |
7/9/2020 - 19:45:46.454 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer | |
7/9/2020 - 19:45:46.454 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | |
7/9/2020 - 19:45:46.454 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | |
7/9/2020 - 19:45:46.455 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch | |
7/9/2020 - 19:45:46.455 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch | |
7/9/2020 - 19:45:46.457 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\shdocvw.dll | |
7/9/2020 - 19:45:46.458 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\shdocvw.dll | |
7/9/2020 - 19:45:46.458 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\shdocvw.dll | |
7/9/2020 - 19:45:46.459 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.459 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.459 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users | |
7/9/2020 - 19:45:46.459 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users | |
7/9/2020 - 19:45:46.459 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:46.459 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:46.460 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData | |
7/9/2020 - 19:45:46.460 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData | |
7/9/2020 - 19:45:46.460 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming | |
7/9/2020 - 19:45:46.460 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming | |
7/9/2020 - 19:45:46.460 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
7/9/2020 - 19:45:46.460 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
7/9/2020 - 19:45:46.460 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer | |
7/9/2020 - 19:45:46.461 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer | |
7/9/2020 - 19:45:46.461 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch | |
7/9/2020 - 19:45:46.461 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch | |
7/9/2020 - 19:45:46.522 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations | |
7/9/2020 - 19:45:46.523 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms | |
7/9/2020 - 19:45:46.524 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk | |
7/9/2020 - 19:45:46.566 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini | |
7/9/2020 - 19:45:46.567 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini | |
7/9/2020 - 19:45:46.568 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.568 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.568 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData | |
7/9/2020 - 19:45:46.568 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData | |
7/9/2020 - 19:45:46.568 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft | |
7/9/2020 - 19:45:46.568 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft | |
7/9/2020 - 19:45:46.569 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows | |
7/9/2020 - 19:45:46.569 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows | |
7/9/2020 - 19:45:46.569 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu | |
7/9/2020 - 19:45:46.569 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu | |
7/9/2020 - 19:45:46.569 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs | |
7/9/2020 - 19:45:46.570 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs | |
7/9/2020 - 19:45:46.570 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini | |
7/9/2020 - 19:45:46.570 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini | |
7/9/2020 - 19:45:46.570 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories | |
7/9/2020 - 19:45:46.571 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories | |
7/9/2020 - 19:45:46.571 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini | |
7/9/2020 - 19:45:46.571 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini | |
7/9/2020 - 19:45:46.571 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.571 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.572 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\LINKINFO.dll | |
7/9/2020 - 19:45:46.572 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\linkinfo.dll | |
7/9/2020 - 19:45:46.572 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\linkinfo.dll | |
7/9/2020 - 19:45:46.573 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.573 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.573 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\ntshrui.dll | |
7/9/2020 - 19:45:46.574 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\ntshrui.dll | |
7/9/2020 - 19:45:46.574 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\ntshrui.dll | |
7/9/2020 - 19:45:46.574 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\srvcli.dll | |
7/9/2020 - 19:45:46.575 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\srvcli.dll | |
7/9/2020 - 19:45:46.575 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\srvcli.dll | |
7/9/2020 - 19:45:46.618 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\cscapi.dll | |
7/9/2020 - 19:45:46.618 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\cscapi.dll | |
7/9/2020 - 19:45:46.618 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\cscapi.dll | |
7/9/2020 - 19:45:46.619 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\slc.dll | |
7/9/2020 - 19:45:46.619 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\slc.dll | |
7/9/2020 - 19:45:46.620 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\slc.dll | |
7/9/2020 - 19:45:46.620 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk | |
7/9/2020 - 19:45:46.621 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.621 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.621 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.621 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.622 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.625 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk | Windows PowerShell.lnk |
7/9/2020 - 19:45:46.625 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.625 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.625 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData | |
7/9/2020 - 19:45:46.625 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData | |
7/9/2020 - 19:45:46.625 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft | |
7/9/2020 - 19:45:46.625 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft | |
7/9/2020 - 19:45:46.625 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows | |
7/9/2020 - 19:45:46.626 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows | |
7/9/2020 - 19:45:46.626 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu | |
7/9/2020 - 19:45:46.626 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu | |
7/9/2020 - 19:45:46.626 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs | |
7/9/2020 - 19:45:46.626 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs | |
7/9/2020 - 19:45:46.626 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories | |
7/9/2020 - 19:45:46.627 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories | |
7/9/2020 - 19:45:46.627 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.627 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.627 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.627 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.627 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk | |
7/9/2020 - 19:45:46.628 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.628 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.628 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.628 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.628 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell | |
7/9/2020 - 19:45:46.628 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk | Windows PowerShell.lnk |
7/9/2020 - 19:45:46.629 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:45:46.629 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:45:46.629 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.629 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.629 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.629 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.630 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32 | |
7/9/2020 - 19:45:46.630 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32 | |
7/9/2020 - 19:45:46.630 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell | |
7/9/2020 - 19:45:46.630 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell | |
7/9/2020 - 19:45:46.630 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:45:46.630 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:45:46.631 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.631 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.631 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe | |
7/9/2020 - 19:45:46.631 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:45:46.632 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:45:46.632 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:45:46.632 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:45:46.632 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:45:46.632 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe | powershell_ise.exe |
7/9/2020 - 19:45:46.633 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.633 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.633 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.634 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.634 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.634 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.634 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\hh.exe | |
7/9/2020 - 19:45:46.644 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.644 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.645 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.645 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.645 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.645 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations | |
7/9/2020 - 19:45:46.646 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\CRYPTSP.dll | |
7/9/2020 - 19:45:46.646 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\cryptsp.dll | |
7/9/2020 - 19:45:46.646 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\cryptsp.dll | |
7/9/2020 - 19:45:46.647 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rsaenh.dll | |
7/9/2020 - 19:45:46.648 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rsaenh.dll | |
7/9/2020 - 19:45:46.648 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rsaenh.dll | |
7/9/2020 - 19:45:46.648 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rsaenh.dll | |
7/9/2020 - 19:45:46.649 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rsaenh.dll | |
7/9/2020 - 19:45:46.649 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rsaenh.dll | |
7/9/2020 - 19:45:46.650 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rsaenh.dll | |
7/9/2020 - 19:45:46.650 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rsaenh.dll | |
7/9/2020 - 19:45:46.650 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rsaenh.dll | |
7/9/2020 - 19:45:46.651 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rsaenh.dll | |
7/9/2020 - 19:45:46.655 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rsaenh.dll | |
7/9/2020 - 19:45:46.655 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rsaenh.dll | |
7/9/2020 - 19:45:46.656 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XWRKP2UEYJKKWAKBW3AF.temp | |
7/9/2020 - 19:45:46.657 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XWRKP2UEYJKKWAKBW3AF.temp | |
7/9/2020 - 19:45:46.657 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XWRKP2UEYJKKWAKBW3AF.temp | XWRKP2UEYJKKWAKBW3AF.temp |
7/9/2020 - 19:45:46.658 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XWRKP2UEYJKKWAKBW3AF.temp | XWRKP2UEYJKKWAKBW3AF.temp |
7/9/2020 - 19:45:46.658 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XWRKP2UEYJKKWAKBW3AF.temp | XWRKP2UEYJKKWAKBW3AF.temp |
7/9/2020 - 19:45:46.659 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XWRKP2UEYJKKWAKBW3AF.temp | XWRKP2UEYJKKWAKBW3AF.temp |
7/9/2020 - 19:45:46.659 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms | |
7/9/2020 - 19:45:46.659 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XWRKP2UEYJKKWAKBW3AF.temp | |
7/9/2020 - 19:45:46.659 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations | |
7/9/2020 - 19:45:46.659 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XWRKP2UEYJKKWAKBW3AF.temp | XWRKP2UEYJKKWAKBW3AF.temp |
7/9/2020 - 19:45:46.660 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations | |
7/9/2020 - 19:45:46.661 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 | |
7/9/2020 - 19:45:46.669 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\mscoree.dll.local | |
7/9/2020 - 19:45:46.669 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727 | |
7/9/2020 - 19:45:46.670 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727 | |
7/9/2020 - 19:45:46.670 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\Upgrades.2.0.50727 | |
7/9/2020 - 19:45:46.670 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\Upgrades.2.0.50727 | |
7/9/2020 - 19:45:46.677 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.config | |
7/9/2020 - 19:45:46.678 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727 | |
7/9/2020 - 19:45:46.678 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727 | |
7/9/2020 - 19:45:46.678 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll | |
7/9/2020 - 19:45:46.678 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll | |
7/9/2020 - 19:45:46.701 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll | |
7/9/2020 - 19:45:46.718 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local | |
7/9/2020 - 19:45:46.718 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs | |
7/9/2020 - 19:45:46.718 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:45:46.721 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:45:46.721 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:45:46.721 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll | |
7/9/2020 - 19:45:46.722 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll | |
7/9/2020 - 19:45:46.723 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll | |
7/9/2020 - 19:45:46.723 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.723 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:45:46.723 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.724 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows | |
7/9/2020 - 19:45:46.724 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:45:46.724 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:45:49.71 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | |
7/9/2020 - 19:45:49.541 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | machine.config |
7/9/2020 - 19:45:49.541 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | machine.config |
7/9/2020 - 19:45:49.645 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | machine.config |
7/9/2020 - 19:45:49.645 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | machine.config |
7/9/2020 - 19:45:49.646 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | machine.config |
7/9/2020 - 19:45:49.646 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | machine.config |
7/9/2020 - 19:45:49.646 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.config | |
7/9/2020 - 19:45:49.794 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\fusion.localgac | |
7/9/2020 - 19:45:50.100 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config | |
7/9/2020 - 19:45:50.101 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch | |
7/9/2020 - 19:45:50.102 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config | |
7/9/2020 - 19:45:50.102 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch | |
7/9/2020 - 19:45:50.219 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:50.219 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:50.219 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot | |
7/9/2020 - 19:45:50.219 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming | |
7/9/2020 - 19:45:50.220 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming | |
7/9/2020 - 19:45:50.220 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming | |
7/9/2020 - 19:45:50.220 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config | |
7/9/2020 - 19:45:50.220 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch | |
7/9/2020 - 19:45:50.466 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\index187.dat | |
7/9/2020 - 19:45:50.506 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | |
7/9/2020 - 19:45:50.514 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.514 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | |
7/9/2020 - 19:45:50.514 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.515 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.518 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.521 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.558 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.558 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.578 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.578 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.579 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.579 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.579 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.580 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.580 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.581 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.581 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.581 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.582 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.582 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.583 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.583 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.583 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.584 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.586 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.592 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.625 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.659 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.727 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.762 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.796 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.797 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.797 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:50.868 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089 | |
7/9/2020 - 19:45:50.902 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089 | |
7/9/2020 - 19:45:50.936 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089 | |
7/9/2020 - 19:45:50.969 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.177 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.210 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.278 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.319 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.354 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.387 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.420 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.455 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.490 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.523 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.563 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.596 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.748 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:51.927 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.42 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.105 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.247 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.322 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.358 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.391 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.569 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.604 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.642 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.710 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.745 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.778 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.811 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.844 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.901 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.935 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:52.972 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.14 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.82 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.419 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.454 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.492 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.526 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.570 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.711 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ole32.dll | |
7/9/2020 - 19:45:53.782 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.816 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.860 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.894 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.928 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:53.964 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.0 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.68 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.176 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.210 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.244 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.278 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.312 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.346 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.383 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.416 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.450 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.484 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.517 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.550 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.583 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.617 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.650 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.752 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.794 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.828 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.863 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.896 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.929 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.962 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:54.996 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.29 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.70 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.124 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.162 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.195 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.228 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.261 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.295 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.330 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.363 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.396 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.429 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.463 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.498 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.564 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.598 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.632 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.666 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.699 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.732 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.765 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.798 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.832 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.868 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.901 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.934 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:55.967 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:56.0 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:56.34 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:56.67 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:56.100 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:56.134 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:56.170 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\OLEAUT32.dll | |
7/9/2020 - 19:45:56.170 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:56.205 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:57.202 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:57.238 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:57.304 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:57.337 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:57.371 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:57.409 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:57.515 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:57.563 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:57.646 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Globalization\pt-br.nlp | |
7/9/2020 - 19:45:57.646 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:57.753 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:57.787 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:57.998 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:58.35 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config | |
7/9/2020 - 19:45:58.70 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\pubpol4.dat | |
7/9/2020 - 19:45:58.71 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC\PublisherPolicy.tme | |
7/9/2020 - 19:45:58.72 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | |
7/9/2020 - 19:45:58.72 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | machine.config |
7/9/2020 - 19:45:58.73 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | |
7/9/2020 - 19:45:58.73 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | machine.config |
7/9/2020 - 19:45:58.74 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | machine.config |
7/9/2020 - 19:45:58.74 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | machine.config |
7/9/2020 - 19:45:58.74 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | machine.config |
7/9/2020 - 19:45:58.74 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config | machine.config |
7/9/2020 - 19:45:58.144 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:45:58.312 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:45:58.312 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | |
7/9/2020 - 19:45:58.347 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:45:58.348 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | |
7/9/2020 - 19:45:58.348 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:45:58.381 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:45:58.415 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:45:58.448 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:45:58.485 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:45:58.519 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:45:58.552 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:45:58.621 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:45:58.621 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:45:58.721 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Management.Automation\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:45:58.721 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:45:58.829 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:45:58.829 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | |
7/9/2020 - 19:45:58.872 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:58.873 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | |
7/9/2020 - 19:45:58.873 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:58.907 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:58.943 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:58.977 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:59.51 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:59.92 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:59.138 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:59.171 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:59.205 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:59.238 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:59.272 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:59.306 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:59.361 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:45:59.416 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | |
7/9/2020 - 19:45:59.416 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | |
7/9/2020 - 19:45:59.416 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:45:59.416 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | |
7/9/2020 - 19:45:59.417 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:45:59.417 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:45:59.633 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:59.700 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:59.766 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:59.800 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:59.834 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:59.869 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:59.902 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:59.935 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:45:59.968 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:46:0.1 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll | |
7/9/2020 - 19:46:0.35 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll | |
7/9/2020 - 19:46:0.134 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll | |
7/9/2020 - 19:46:0.210 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local | |
7/9/2020 - 19:46:0.210 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:0.210 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:0.210 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:0.558 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.559 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.560 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.561 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.561 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.563 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.564 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.565 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.573 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.577 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.577 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.583 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:0.584 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:0.584 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.584 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.585 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.585 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.586 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.586 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.587 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.587 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.588 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.589 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.625 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | |
7/9/2020 - 19:46:0.625 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | |
7/9/2020 - 19:46:0.625 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.625 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | |
7/9/2020 - 19:46:0.625 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.625 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.626 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.679 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.717 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.750 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.784 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.817 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:0.850 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.919 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:0.986 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:1.152 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\BVTBin\Tests\installpackage\csilogfile.log | |
7/9/2020 - 19:46:1.188 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:1.221 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:1.254 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:1.288 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:1.321 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:1.355 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:1.388 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:1.421 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:1.455 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:1.493 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:1.527 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:1.561 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:1.595 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:1.810 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:1.859 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:1.912 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:1.956 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:1.992 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | |
7/9/2020 - 19:46:2.92 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.92 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | |
7/9/2020 - 19:46:2.92 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.126 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.160 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.199 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.232 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.265 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.298 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.332 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.366 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.399 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.432 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.471 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.504 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.539 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.572 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.605 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.638 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.671 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.708 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089 | |
7/9/2020 - 19:46:2.778 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089 | |
7/9/2020 - 19:46:2.779 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.812 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.845 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.882 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.930 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:2.965 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:3.63 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:3.109 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:3.142 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:3.175 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:3.209 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:3.244 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:3.313 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.347 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.380 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.414 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.447 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.481 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.516 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.549 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.583 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.616 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.649 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.682 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.715 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.750 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.784 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.817 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.850 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.884 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.953 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:3.986 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:4.19 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:4.86 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.120 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.187 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.232 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.286 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.324 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.357 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.390 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.423 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.458 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.492 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.525 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.558 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.592 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.625 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.660 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.693 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:4.727 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.760 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.793 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:4.827 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:4.865 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.899 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.932 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:4.965 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.33 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:5.80 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:5.113 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:5.146 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.180 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | |
7/9/2020 - 19:46:5.180 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:5.180 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.231 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.264 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.297 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.331 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.398 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.444 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\version.dll | |
7/9/2020 - 19:46:5.445 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\version.dll | |
7/9/2020 - 19:46:5.445 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\version.dll | |
7/9/2020 - 19:46:5.446 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.500 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | |
7/9/2020 - 19:46:5.501 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:5.501 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:5.540 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:5.573 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | |
7/9/2020 - 19:46:5.573 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:5.573 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.607 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.640 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:5.707 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\l_intl.nls | |
7/9/2020 - 19:46:5.774 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.807 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\pt-BR\KernelBase.dll.mui | |
7/9/2020 - 19:46:5.808 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.841 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.875 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.909 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.942 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:5.975 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.8 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.41 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.75 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.108 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.142 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.175 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.208 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.242 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.275 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.308 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.341 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.375 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.408 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.441 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.474 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.507 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.541 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.631 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.678 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.711 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.745 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.778 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.811 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.844 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.879 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.913 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.946 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:6.979 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:7.14 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:7.47 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll | |
7/9/2020 - 19:46:7.48 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:7.115 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:7.148 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll | |
7/9/2020 - 19:46:7.149 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:7.182 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.216 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:7.250 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:7.283 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.316 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.351 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.384 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.417 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.451 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.484 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.518 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.554 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.589 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:7.624 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.657 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.690 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.760 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.760 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.761 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.770 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.771 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.771 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.772 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.773 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.774 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.774 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.775 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.780 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.815 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:7.882 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:7.961 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:8.7 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:8.41 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:8.74 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:8.107 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089 | |
7/9/2020 - 19:46:8.107 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp | |
7/9/2020 - 19:46:8.208 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp | |
7/9/2020 - 19:46:8.278 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:8.311 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:8.344 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:8.377 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:8.411 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:8.444 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:8.481 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:8.514 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:8.548 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:8.582 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:8.615 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:8.648 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:8.684 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:8.718 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:8.752 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | |
7/9/2020 - 19:46:8.852 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:8.852 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | |
7/9/2020 - 19:46:8.852 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:8.886 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:8.920 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:8.954 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:8.987 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.54 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.99 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.152 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.189 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.222 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.255 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.289 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.322 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089 | |
7/9/2020 - 19:46:9.391 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089 | |
7/9/2020 - 19:46:9.392 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.425 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.459 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.493 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.526 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.559 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.592 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.625 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.659 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.692 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.725 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.758 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:9.791 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:9.825 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:9.859 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:9.892 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:9.958 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:9.993 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:10.26 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:10.59 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:10.92 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:10.128 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:10.162 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:10.195 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:10.264 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:10.313 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:10.368 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:10.406 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:10.474 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | |
7/9/2020 - 19:46:10.474 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:10.474 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | |
7/9/2020 - 19:46:10.474 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:10.474 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | |
7/9/2020 - 19:46:10.475 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:10.475 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:10.508 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:10.541 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:10.577 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:10.611 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:10.686 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:10.719 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:10.752 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:10.786 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:10.852 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:10.891 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:11.77 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:11.110 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:11.144 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:11.177 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:11.371 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:11.404 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:11.444 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:11.519 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:11.596 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:11.596 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | |
7/9/2020 - 19:46:11.630 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | Microsoft.PowerShell.Commands.Diagnostics.dll |
7/9/2020 - 19:46:11.630 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | |
7/9/2020 - 19:46:11.630 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | Microsoft.PowerShell.Commands.Diagnostics.dll |
7/9/2020 - 19:46:11.665 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | Microsoft.PowerShell.Commands.Diagnostics.dll |
7/9/2020 - 19:46:11.698 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | Microsoft.PowerShell.Commands.Diagnostics.dll |
7/9/2020 - 19:46:11.731 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | Microsoft.PowerShell.Commands.Diagnostics.dll |
7/9/2020 - 19:46:11.769 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | Microsoft.PowerShell.Commands.Diagnostics.dll |
7/9/2020 - 19:46:11.802 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | Microsoft.PowerShell.Commands.Diagnostics.dll |
7/9/2020 - 19:46:11.887 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:11.888 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:11.888 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Core\3.5.0.0__b77a5c561934e089 | |
7/9/2020 - 19:46:11.888 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089 | |
7/9/2020 - 19:46:11.962 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089 | |
7/9/2020 - 19:46:11.962 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | |
7/9/2020 - 19:46:11.998 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | System.Core.dll |
7/9/2020 - 19:46:11.998 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | |
7/9/2020 - 19:46:11.998 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | System.Core.dll |
7/9/2020 - 19:46:12.32 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | System.Core.dll |
7/9/2020 - 19:46:12.65 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | System.Core.dll |
7/9/2020 - 19:46:12.98 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | System.Core.dll |
7/9/2020 - 19:46:12.131 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | System.Core.dll |
7/9/2020 - 19:46:12.165 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | System.Core.dll |
7/9/2020 - 19:46:12.198 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | System.Core.dll |
7/9/2020 - 19:46:12.231 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | System.Core.dll |
7/9/2020 - 19:46:12.264 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | System.Core.dll |
7/9/2020 - 19:46:12.297 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | System.Core.dll |
7/9/2020 - 19:46:12.331 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll | System.Core.dll |
7/9/2020 - 19:46:12.364 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | |
7/9/2020 - 19:46:12.364 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | |
7/9/2020 - 19:46:12.365 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | Microsoft.PowerShell.Commands.Diagnostics.dll |
7/9/2020 - 19:46:12.365 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | |
7/9/2020 - 19:46:12.365 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | Microsoft.PowerShell.Commands.Diagnostics.dll |
7/9/2020 - 19:46:12.365 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll | Microsoft.PowerShell.Commands.Diagnostics.dll |
7/9/2020 - 19:46:12.366 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:12.401 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:12.435 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:12.471 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:12.506 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:12.549 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | |
7/9/2020 - 19:46:12.583 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:12.583 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | |
7/9/2020 - 19:46:12.583 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:12.618 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:12.651 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:12.684 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:12.717 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:12.750 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a | |
7/9/2020 - 19:46:12.784 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a | |
7/9/2020 - 19:46:12.784 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:12.818 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:12.851 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:12.890 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:12.954 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:12.988 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:13.64 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:13.105 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:13.163 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:13.213 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:13.249 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:13.288 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:13.321 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:13.355 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:13.397 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:13.498 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:13.498 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | |
7/9/2020 - 19:46:13.534 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | Microsoft.WSMan.Management.dll |
7/9/2020 - 19:46:13.534 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | |
7/9/2020 - 19:46:13.534 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | Microsoft.WSMan.Management.dll |
7/9/2020 - 19:46:13.567 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | Microsoft.WSMan.Management.dll |
7/9/2020 - 19:46:13.600 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | Microsoft.WSMan.Management.dll |
7/9/2020 - 19:46:13.633 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | Microsoft.WSMan.Management.dll |
7/9/2020 - 19:46:13.666 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | Microsoft.WSMan.Management.dll |
7/9/2020 - 19:46:13.700 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | Microsoft.WSMan.Management.dll |
7/9/2020 - 19:46:13.733 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | Microsoft.WSMan.Management.dll |
7/9/2020 - 19:46:13.766 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | Microsoft.WSMan.Management.dll |
7/9/2020 - 19:46:13.799 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:13.799 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:13.799 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:13.800 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:13.833 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:13.833 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll | |
7/9/2020 - 19:46:13.833 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll | Microsoft.WSMan.Runtime.dll |
7/9/2020 - 19:46:13.833 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll | |
7/9/2020 - 19:46:13.834 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll | Microsoft.WSMan.Runtime.dll |
7/9/2020 - 19:46:13.870 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll | Microsoft.WSMan.Runtime.dll |
7/9/2020 - 19:46:13.903 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll | Microsoft.WSMan.Runtime.dll |
7/9/2020 - 19:46:13.936 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | |
7/9/2020 - 19:46:13.936 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | |
7/9/2020 - 19:46:13.936 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | Microsoft.WSMan.Management.dll |
7/9/2020 - 19:46:13.936 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | |
7/9/2020 - 19:46:13.937 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | Microsoft.WSMan.Management.dll |
7/9/2020 - 19:46:13.937 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll | Microsoft.WSMan.Management.dll |
7/9/2020 - 19:46:13.940 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:13.940 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:13.941 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll | |
7/9/2020 - 19:46:13.941 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll | |
7/9/2020 - 19:46:13.941 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll | Microsoft.WSMan.Runtime.dll |
7/9/2020 - 19:46:13.941 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll | |
7/9/2020 - 19:46:13.941 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll | Microsoft.WSMan.Runtime.dll |
7/9/2020 - 19:46:13.941 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll | Microsoft.WSMan.Runtime.dll |
7/9/2020 - 19:46:13.943 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:13.982 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:14.52 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:14.87 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:14.121 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:14.154 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:14.188 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:14.256 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:14.303 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:14.356 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:14.393 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:14.426 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:14.460 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:14.496 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:14.533 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:14.569 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:14.604 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:14.637 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:14.670 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:14.706 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:14.739 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:14.772 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:14.805 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:14.838 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:14.875 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:14.909 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:14.977 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | |
7/9/2020 - 19:46:15.44 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.44 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | |
7/9/2020 - 19:46:15.44 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.78 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.111 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.144 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.179 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.212 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.246 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.279 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089 | |
7/9/2020 - 19:46:15.312 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089 | |
7/9/2020 - 19:46:15.312 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.346 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.379 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.413 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.484 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.533 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | |
7/9/2020 - 19:46:15.587 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | System.Transactions.dll |
7/9/2020 - 19:46:15.587 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | |
7/9/2020 - 19:46:15.587 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | System.Transactions.dll |
7/9/2020 - 19:46:15.625 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | System.Transactions.dll |
7/9/2020 - 19:46:15.658 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | System.Transactions.dll |
7/9/2020 - 19:46:15.691 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | System.Transactions.dll |
7/9/2020 - 19:46:15.725 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | |
7/9/2020 - 19:46:15.731 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | System.Transactions.dll |
7/9/2020 - 19:46:15.732 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | System.Transactions.dll |
7/9/2020 - 19:46:15.732 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local | |
7/9/2020 - 19:46:15.732 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:15.733 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:15.733 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:15.735 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | |
7/9/2020 - 19:46:15.735 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | System.Transactions.dll |
7/9/2020 - 19:46:15.736 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | System.Transactions.dll |
7/9/2020 - 19:46:15.736 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll | System.Transactions.dll |
7/9/2020 - 19:46:15.737 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.770 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.803 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.803 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.804 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.804 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.805 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:15.808 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:15.814 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:15.815 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:15.815 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | |
7/9/2020 - 19:46:15.815 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.815 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | |
7/9/2020 - 19:46:15.816 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.816 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.816 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.817 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.817 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.818 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.818 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.818 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.819 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.819 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.819 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.820 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:15.820 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:15.820 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.821 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.822 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | |
7/9/2020 - 19:46:15.822 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | |
7/9/2020 - 19:46:15.822 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.822 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | |
7/9/2020 - 19:46:15.890 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.890 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.892 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:15.930 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:15.969 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:16.2 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:16.2 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | |
7/9/2020 - 19:46:16.2 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:16.2 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | |
7/9/2020 - 19:46:16.3 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:16.37 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:16.70 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:16.103 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:16.136 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:16.169 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:16.203 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:16.236 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:16.269 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:16.269 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:16.270 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | |
7/9/2020 - 19:46:16.270 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | |
7/9/2020 - 19:46:16.270 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:16.270 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | |
7/9/2020 - 19:46:16.270 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:16.270 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:16.272 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:16.306 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | |
7/9/2020 - 19:46:16.373 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.373 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | |
7/9/2020 - 19:46:16.373 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.406 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.439 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.472 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.505 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.541 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.574 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.607 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.640 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a | |
7/9/2020 - 19:46:16.717 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a | |
7/9/2020 - 19:46:16.717 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.763 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.817 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.855 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.888 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.921 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.955 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:16.988 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:17.21 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:17.54 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:17.87 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:17.156 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | |
7/9/2020 - 19:46:17.190 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.190 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | |
7/9/2020 - 19:46:17.190 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.223 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.256 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.290 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.323 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.356 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.389 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a | |
7/9/2020 - 19:46:17.457 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a | |
7/9/2020 - 19:46:17.457 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.493 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.527 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.562 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.596 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.629 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.663 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.696 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:17.737 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:17.770 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:17.770 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | |
7/9/2020 - 19:46:17.804 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | Microsoft.PowerShell.Security.dll |
7/9/2020 - 19:46:17.804 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | |
7/9/2020 - 19:46:17.804 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | Microsoft.PowerShell.Security.dll |
7/9/2020 - 19:46:17.839 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | Microsoft.PowerShell.Security.dll |
7/9/2020 - 19:46:17.909 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | Microsoft.PowerShell.Security.dll |
7/9/2020 - 19:46:17.954 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | Microsoft.PowerShell.Security.dll |
7/9/2020 - 19:46:18.10 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | Microsoft.PowerShell.Security.dll |
7/9/2020 - 19:46:18.48 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:18.48 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35 | |
7/9/2020 - 19:46:18.49 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | |
7/9/2020 - 19:46:18.49 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | |
7/9/2020 - 19:46:18.49 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | Microsoft.PowerShell.Security.dll |
7/9/2020 - 19:46:18.49 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | |
7/9/2020 - 19:46:18.50 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | Microsoft.PowerShell.Security.dll |
7/9/2020 - 19:46:18.50 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | Microsoft.PowerShell.Security.dll |
7/9/2020 - 19:46:18.50 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:18.136 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:18.170 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:18.204 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:18.237 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:18.271 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:18.305 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Globalization\en.nlp | |
7/9/2020 - 19:46:18.306 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config | |
7/9/2020 - 19:46:18.307 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_pt-BR_31bf3856ad364e35 | |
7/9/2020 - 19:46:18.307 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35 | |
7/9/2020 - 19:46:18.307 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35 | |
7/9/2020 - 19:46:18.308 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | |
7/9/2020 - 19:46:18.308 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | Microsoft.PowerShell.ConsoleHost.Resources.dll |
7/9/2020 - 19:46:18.308 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | |
7/9/2020 - 19:46:18.308 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | Microsoft.PowerShell.ConsoleHost.Resources.dll |
7/9/2020 - 19:46:18.342 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | Microsoft.PowerShell.ConsoleHost.Resources.dll |
7/9/2020 - 19:46:18.375 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | Microsoft.PowerShell.ConsoleHost.Resources.dll |
7/9/2020 - 19:46:18.409 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | Microsoft.PowerShell.ConsoleHost.Resources.dll |
7/9/2020 - 19:46:18.442 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35 | |
7/9/2020 - 19:46:18.442 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35 | |
7/9/2020 - 19:46:18.443 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | |
7/9/2020 - 19:46:18.443 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | |
7/9/2020 - 19:46:18.443 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | Microsoft.PowerShell.ConsoleHost.Resources.dll |
7/9/2020 - 19:46:18.443 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | |
7/9/2020 - 19:46:18.444 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | Microsoft.PowerShell.ConsoleHost.Resources.dll |
7/9/2020 - 19:46:18.444 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll | Microsoft.PowerShell.ConsoleHost.Resources.dll |
7/9/2020 - 19:46:18.445 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:18.524 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:18.597 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:18.636 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll | Microsoft.PowerShell.ConsoleHost.dll |
7/9/2020 - 19:46:18.672 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:18.706 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:18.739 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:18.782 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:18.818 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:18.852 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:18.852 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:18.881 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:18.934 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:18.967 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:18.967 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:18.968 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:19.2 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:19.3 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:19.3 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:19.4 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:19.4 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:19.5 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:19.20 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:19.21 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:19.75 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:19.108 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:19.176 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:19.225 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:19.278 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:19.318 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:19.352 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:19.385 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:19.418 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:19.453 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:19.488 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:19.527 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:19.560 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:19.599 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:19.632 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:19.710 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:19.748 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:19.785 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:19.818 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:19.855 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:19.888 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:19.921 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:19.955 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:19.988 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:20.21 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:20.54 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:20.87 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:25.469 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:25.503 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:25.537 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:25.574 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:25.611 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:25.644 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:25.677 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:25.710 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:25.747 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:25.817 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:25.873 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:25.909 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:25.942 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:25.976 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:26.9 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:26.107 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:26.195 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:26.229 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:26.438 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:26.493 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:26.568 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:26.801 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | |
7/9/2020 - 19:46:26.801 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:26.801 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:26.802 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:26.803 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:26.871 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:26.904 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.47 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.47 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.47 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.47 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.48 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.48 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.48 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.48 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.48 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.48 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.48 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.49 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.49 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.49 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.49 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.49 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.49 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.50 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.50 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.50 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.50 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.50 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.50 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.50 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.50 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.50 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.51 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.51 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.51 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.51 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.51 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.52 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.52 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.52 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.52 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.52 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.52 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.52 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.52 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.53 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.53 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | |
7/9/2020 - 19:46:27.53 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | types.ps1xml |
7/9/2020 - 19:46:27.62 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.63 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.143 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.176 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.209 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.243 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.282 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.315 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.348 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.381 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.415 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.448 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.481 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.515 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.554 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.587 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.621 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.655 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.723 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.805 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.849 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.901 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:27.936 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:27.969 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:28.3 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:28.37 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:28.75 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:28.176 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.345 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:28.378 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:28.423 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.528 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.562 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.595 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.629 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.663 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.696 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.729 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.763 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.796 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.830 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.871 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.909 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.947 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:28.980 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.13 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.46 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.80 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.120 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.153 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.186 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.219 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.288 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.333 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.384 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.421 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.456 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.490 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.524 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.557 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.590 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.624 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.659 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:29.692 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:29.725 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:29.758 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:29.791 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:29.825 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:29.863 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:29.896 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:29.929 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:29.963 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:29.997 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:30.30 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:30.63 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:30.96 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:30.130 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:30.167 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:30.202 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:30.238 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll | System.Configuration.Install.ni.dll |
7/9/2020 - 19:46:30.271 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:30.304 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:30.337 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:30.371 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:30.405 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:30.438 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:30.506 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:30.559 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:30.613 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll | System.ServiceProcess.ni.dll |
7/9/2020 - 19:46:30.660 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:30.758 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:30.795 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:30.829 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:30.866 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:30.902 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:30.935 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:30.968 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:31.70 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:46:31.70 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 | |
7/9/2020 - 19:46:31.70 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | |
7/9/2020 - 19:46:31.104 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | Diagnostics.Format.ps1xml |
7/9/2020 - 19:46:31.104 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | |
7/9/2020 - 19:46:31.137 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | WSMan.Format.ps1xml |
7/9/2020 - 19:46:31.137 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | |
7/9/2020 - 19:46:31.170 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | Certificate.format.ps1xml |
7/9/2020 - 19:46:31.170 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | |
7/9/2020 - 19:46:31.170 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:31.171 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | |
7/9/2020 - 19:46:31.172 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | FileSystem.format.ps1xml |
7/9/2020 - 19:46:31.172 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | |
7/9/2020 - 19:46:31.207 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | Help.format.ps1xml |
7/9/2020 - 19:46:31.207 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | |
7/9/2020 - 19:46:31.240 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | PowerShellCore.format.ps1xml |
7/9/2020 - 19:46:31.240 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | |
7/9/2020 - 19:46:31.273 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | PowerShellTrace.format.ps1xml |
7/9/2020 - 19:46:31.273 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | |
7/9/2020 - 19:46:31.273 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | Registry.format.ps1xml |
7/9/2020 - 19:46:31.323 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:31.356 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:31.391 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:31.427 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\tzres.dll | |
7/9/2020 - 19:46:31.428 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\tzres.dll | |
7/9/2020 - 19:46:31.428 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\tzres.dll | |
7/9/2020 - 19:46:31.428 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\tzres.dll | |
7/9/2020 - 19:46:31.439 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.477 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | |
7/9/2020 - 19:46:31.480 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | Diagnostics.Format.ps1xml |
7/9/2020 - 19:46:31.480 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | Diagnostics.Format.ps1xml |
7/9/2020 - 19:46:31.481 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:31.484 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | Diagnostics.Format.ps1xml |
7/9/2020 - 19:46:31.484 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | Diagnostics.Format.ps1xml |
7/9/2020 - 19:46:31.484 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | Diagnostics.Format.ps1xml |
7/9/2020 - 19:46:31.484 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | Diagnostics.Format.ps1xml |
7/9/2020 - 19:46:31.484 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | Diagnostics.Format.ps1xml |
7/9/2020 - 19:46:31.484 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | Diagnostics.Format.ps1xml |
7/9/2020 - 19:46:31.485 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | Diagnostics.Format.ps1xml |
7/9/2020 - 19:46:31.485 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | Diagnostics.Format.ps1xml |
7/9/2020 - 19:46:31.485 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | |
7/9/2020 - 19:46:31.485 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | Diagnostics.Format.ps1xml |
7/9/2020 - 19:46:31.487 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.488 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.488 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.489 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.490 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.490 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.493 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.493 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.495 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.495 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:31.533 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.567 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.740 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | |
7/9/2020 - 19:46:31.740 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | WSMan.Format.ps1xml |
7/9/2020 - 19:46:31.740 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | WSMan.Format.ps1xml |
7/9/2020 - 19:46:31.741 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | WSMan.Format.ps1xml |
7/9/2020 - 19:46:31.741 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | WSMan.Format.ps1xml |
7/9/2020 - 19:46:31.741 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | WSMan.Format.ps1xml |
7/9/2020 - 19:46:31.741 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | WSMan.Format.ps1xml |
7/9/2020 - 19:46:31.742 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | WSMan.Format.ps1xml |
7/9/2020 - 19:46:31.742 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | WSMan.Format.ps1xml |
7/9/2020 - 19:46:31.742 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | WSMan.Format.ps1xml |
7/9/2020 - 19:46:31.742 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | |
7/9/2020 - 19:46:31.742 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml | WSMan.Format.ps1xml |
7/9/2020 - 19:46:31.836 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:31.892 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | |
7/9/2020 - 19:46:31.892 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | Certificate.format.ps1xml |
7/9/2020 - 19:46:31.892 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | Certificate.format.ps1xml |
7/9/2020 - 19:46:31.893 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | Certificate.format.ps1xml |
7/9/2020 - 19:46:31.893 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | Certificate.format.ps1xml |
7/9/2020 - 19:46:31.893 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | Certificate.format.ps1xml |
7/9/2020 - 19:46:31.893 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | Certificate.format.ps1xml |
7/9/2020 - 19:46:31.893 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | Certificate.format.ps1xml |
7/9/2020 - 19:46:31.893 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | Certificate.format.ps1xml |
7/9/2020 - 19:46:31.894 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | Certificate.format.ps1xml |
7/9/2020 - 19:46:31.894 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | Certificate.format.ps1xml |
7/9/2020 - 19:46:31.894 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | |
7/9/2020 - 19:46:31.894 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | Certificate.format.ps1xml |
7/9/2020 - 19:46:31.999 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:32.37 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:32.73 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll | System.Management.Automation.Resources.dll |
7/9/2020 - 19:46:32.173 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | |
7/9/2020 - 19:46:32.174 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.174 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.175 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.208 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.208 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.208 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.208 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.208 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.208 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.208 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.209 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.209 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.209 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.209 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.209 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.209 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.209 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.210 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.210 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.210 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.210 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.210 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | |
7/9/2020 - 19:46:32.211 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | DotNetTypes.format.ps1xml |
7/9/2020 - 19:46:32.214 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:32.215 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:32.216 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:32.249 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:32.282 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:32.315 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll | System.Xml.ni.dll |
7/9/2020 - 19:46:32.357 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | |
7/9/2020 - 19:46:32.358 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | FileSystem.format.ps1xml |
7/9/2020 - 19:46:32.358 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | FileSystem.format.ps1xml |
7/9/2020 - 19:46:32.359 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | FileSystem.format.ps1xml |
7/9/2020 - 19:46:32.359 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | FileSystem.format.ps1xml |
7/9/2020 - 19:46:32.359 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | FileSystem.format.ps1xml |
7/9/2020 - 19:46:32.359 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | FileSystem.format.ps1xml |
7/9/2020 - 19:46:32.359 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | FileSystem.format.ps1xml |
7/9/2020 - 19:46:32.359 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | FileSystem.format.ps1xml |
7/9/2020 - 19:46:32.359 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | FileSystem.format.ps1xml |
7/9/2020 - 19:46:34.199 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll | System.Transactions.ni.dll |
7/9/2020 - 19:46:34.202 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll | System.Management.Automation.Resources.dll |
7/9/2020 - 19:46:34.250 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll | System.Management.Automation.Resources.dll |
7/9/2020 - 19:46:34.291 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\Microsoft.PowerShell.Security.resources\1.0.0.0_pt-BR_31bf3856ad364e35 | |
7/9/2020 - 19:46:34.292 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35 | |
7/9/2020 - 19:46:34.293 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35 | |
7/9/2020 - 19:46:34.293 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | |
7/9/2020 - 19:46:34.293 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | Microsoft.PowerShell.Security.Resources.dll |
7/9/2020 - 19:46:34.293 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | |
7/9/2020 - 19:46:34.293 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | Microsoft.PowerShell.Security.Resources.dll |
7/9/2020 - 19:46:34.294 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | Microsoft.PowerShell.Security.Resources.dll |
7/9/2020 - 19:46:34.294 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | Microsoft.PowerShell.Security.Resources.dll |
7/9/2020 - 19:46:34.295 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35 | |
7/9/2020 - 19:46:34.295 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35 | |
7/9/2020 - 19:46:34.295 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | |
7/9/2020 - 19:46:34.295 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | |
7/9/2020 - 19:46:34.296 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | Microsoft.PowerShell.Security.Resources.dll |
7/9/2020 - 19:46:34.296 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | |
7/9/2020 - 19:46:34.296 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | Microsoft.PowerShell.Security.Resources.dll |
7/9/2020 - 19:46:34.296 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | Microsoft.PowerShell.Security.Resources.dll |
7/9/2020 - 19:46:34.681 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:34.715 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:34.804 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.804 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.804 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.804 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.870 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:46:34.870 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:46:34.870 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:46:34.870 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\ | |
7/9/2020 - 19:46:34.870 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.870 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.870 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.871 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.872 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.872 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.872 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.872 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.872 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:34.919 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:34.919 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:35.13 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:35.14 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:35.16 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:35.16 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:35.216 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:35.270 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:35.339 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll | System.DirectoryServices.ni.dll |
7/9/2020 - 19:46:35.373 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll | System.DirectoryServices.ni.dll |
7/9/2020 - 19:46:35.406 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll | System.DirectoryServices.ni.dll |
7/9/2020 - 19:46:35.439 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll | System.DirectoryServices.ni.dll |
7/9/2020 - 19:46:35.472 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll | System.DirectoryServices.ni.dll |
7/9/2020 - 19:46:35.542 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:35.830 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:35.885 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | |
7/9/2020 - 19:46:35.975 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:35.975 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | |
7/9/2020 - 19:46:35.975 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.8 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.42 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.76 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.109 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.143 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.176 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.209 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.246 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.279 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.312 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.378 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.412 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.445 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.478 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089 | |
7/9/2020 - 19:46:36.545 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089 | |
7/9/2020 - 19:46:36.545 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.579 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.612 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.677 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.710 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.744 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:36.777 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | |
7/9/2020 - 19:46:36.810 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:36.810 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | |
7/9/2020 - 19:46:36.810 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:36.843 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:36.876 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:36.910 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:36.943 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:36.976 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:37.54 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | |
7/9/2020 - 19:46:37.62 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:37.62 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:37.63 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:37.64 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local | |
7/9/2020 - 19:46:37.64 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:37.64 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:37.64 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:37.66 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:37.73 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:37.73 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:37.74 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:37.74 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.107 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.107 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.108 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.109 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.110 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.110 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.147 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.147 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.148 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll | System.Data.dll |
7/9/2020 - 19:46:37.164 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.165 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.166 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.166 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.166 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.167 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.170 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.171 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.226 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:37.259 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:37.292 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:37.327 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:37.363 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:37.396 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:37.625 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.659 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.692 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.725 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.758 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.791 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.825 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.858 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.891 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.924 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.958 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:37.991 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.24 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.57 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.90 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.124 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.157 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.191 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.224 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.293 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.338 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.390 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.428 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.463 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.497 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.530 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.563 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.597 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.651 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.721 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:38.908 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1 | |
7/9/2020 - 19:46:38.909 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 | |
7/9/2020 - 19:46:38.909 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\Documents\WindowsPowerShell\profile.ps1 | |
7/9/2020 - 19:46:38.909 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 | |
7/9/2020 - 19:46:39.141 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:39.175 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:39.365 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | Microsoft.PowerShell.Commands.Utility.dll |
7/9/2020 - 19:46:39.531 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:39.679 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:39.735 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:39.828 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:39.867 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:39.901 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:39.934 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:39.967 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:40.0 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:40.275 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:40.309 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Globalization\en-us.nlp | |
7/9/2020 - 19:46:40.310 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089 | |
7/9/2020 - 19:46:40.310 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089 | |
7/9/2020 - 19:46:40.376 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089 | |
7/9/2020 - 19:46:40.376 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | |
7/9/2020 - 19:46:40.444 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | mscorlib.resources.dll |
7/9/2020 - 19:46:40.444 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | |
7/9/2020 - 19:46:40.444 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | mscorlib.resources.dll |
7/9/2020 - 19:46:40.478 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | mscorlib.resources.dll |
7/9/2020 - 19:46:40.511 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | mscorlib.resources.dll |
7/9/2020 - 19:46:40.544 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | mscorlib.resources.dll |
7/9/2020 - 19:46:40.578 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | mscorlib.resources.dll |
7/9/2020 - 19:46:40.611 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089 | |
7/9/2020 - 19:46:40.611 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089 | |
7/9/2020 - 19:46:40.611 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | |
7/9/2020 - 19:46:40.612 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | |
7/9/2020 - 19:46:40.612 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | mscorlib.resources.dll |
7/9/2020 - 19:46:40.612 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | |
7/9/2020 - 19:46:40.612 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | mscorlib.resources.dll |
7/9/2020 - 19:46:40.612 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | mscorlib.resources.dll |
7/9/2020 - 19:46:40.613 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | mscorlib.resources.dll |
7/9/2020 - 19:46:40.895 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:41.2 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:41.37 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:41.79 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:41.124 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:41.294 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.329 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.362 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.395 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.428 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.461 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.496 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.530 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.564 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.598 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.632 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.666 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.700 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.734 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:41.963 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | System.Management.Automation.dll |
7/9/2020 - 19:46:42.0 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll | Microsoft.PowerShell.Commands.Management.dll |
7/9/2020 - 19:46:42.69 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.110 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.144 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.178 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.270 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:42.304 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:42.338 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:42.374 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.414 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.467 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.504 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.538 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.571 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.672 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\RpcRtRemote.dll | |
7/9/2020 - 19:46:42.673 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\RpcRtRemote.dll | |
7/9/2020 - 19:46:42.673 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\RpcRtRemote.dll | RpcRtRemote.dll |
7/9/2020 - 19:46:42.673 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\RpcRtRemote.dll | |
7/9/2020 - 19:46:42.673 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\RpcRtRemote.dll | RpcRtRemote.dll |
7/9/2020 - 19:46:42.708 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.708 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll | |
7/9/2020 - 19:46:42.742 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll |
7/9/2020 - 19:46:42.742 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll | |
7/9/2020 - 19:46:42.742 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll |
7/9/2020 - 19:46:42.775 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll |
7/9/2020 - 19:46:42.775 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll |
7/9/2020 - 19:46:42.776 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll | |
7/9/2020 - 19:46:42.782 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll |
7/9/2020 - 19:46:42.782 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll |
7/9/2020 - 19:46:42.783 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local | |
7/9/2020 - 19:46:42.783 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:42.783 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:42.783 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:42.783 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll |
7/9/2020 - 19:46:42.907 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.942 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:42.976 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\wmiutils.dll | |
7/9/2020 - 19:46:42.977 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\wmiutils.dll | |
7/9/2020 - 19:46:42.977 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\wbemcomn.dll | |
7/9/2020 - 19:46:42.978 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbemcomn.dll | |
7/9/2020 - 19:46:42.978 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbemcomn.dll | |
7/9/2020 - 19:46:42.979 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\Logs | |
7/9/2020 - 19:46:42.979 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\Logs | |
7/9/2020 - 19:46:42.980 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\wbemprox.dll | |
7/9/2020 - 19:46:43.14 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\wbemprox.dll | |
7/9/2020 - 19:46:43.48 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:43.90 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll | |
7/9/2020 - 19:46:43.126 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\nlaapi.dll | |
7/9/2020 - 19:46:43.126 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\nlaapi.dll | |
7/9/2020 - 19:46:43.127 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\NapiNSP.dll | |
7/9/2020 - 19:46:43.127 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\NapiNSP.dll | |
7/9/2020 - 19:46:43.196 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\pnrpnsp.dll | |
7/9/2020 - 19:46:43.197 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\pnrpnsp.dll | |
7/9/2020 - 19:46:43.263 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\mswsock.dll | |
7/9/2020 - 19:46:43.263 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\mswsock.dll | |
7/9/2020 - 19:46:43.264 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\DNSAPI.dll | |
7/9/2020 - 19:46:43.264 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\dnsapi.dll | |
7/9/2020 - 19:46:43.264 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\dnsapi.dll | |
7/9/2020 - 19:46:43.265 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\winrnr.dll | |
7/9/2020 - 19:46:43.266 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\winrnr.dll | |
7/9/2020 - 19:46:43.340 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\IPHLPAPI.DLL | |
7/9/2020 - 19:46:43.340 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\IPHLPAPI.DLL | |
7/9/2020 - 19:46:43.341 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\IPHLPAPI.DLL | |
7/9/2020 - 19:46:43.341 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\WINNSI.DLL | |
7/9/2020 - 19:46:43.342 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\winnsi.dll | |
7/9/2020 - 19:46:43.342 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\winnsi.dll | |
7/9/2020 - 19:46:43.378 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\FWPUCLNT.DLL | |
7/9/2020 - 19:46:43.378 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\FWPUCLNT.DLL | |
7/9/2020 - 19:46:43.448 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\rasadhlp.dll | |
7/9/2020 - 19:46:43.449 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rasadhlp.dll | |
7/9/2020 - 19:46:43.449 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\rasadhlp.dll | |
7/9/2020 - 19:46:43.650 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\wbemsvc.dll | |
7/9/2020 - 19:46:43.650 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\wbemsvc.dll | |
7/9/2020 - 19:46:43.692 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\fastprox.dll | |
7/9/2020 - 19:46:43.692 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\fastprox.dll | |
7/9/2020 - 19:46:43.693 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\NTDSAPI.dll | |
7/9/2020 - 19:46:43.693 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\ntdsapi.dll | |
7/9/2020 - 19:46:43.693 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\ntdsapi.dll | |
7/9/2020 - 19:46:44.73 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:45.711 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:45.716 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:45.957 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:46.29 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\pt-BR\wmiutils.dll.mui | |
7/9/2020 - 19:46:46.29 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\system32\wbem\pt\wmiutils.dll.mui | |
7/9/2020 - 19:46:46.30 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\en-US\wmiutils.dll.mui | |
7/9/2020 - 19:46:46.63 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\wbem\en-US\wmiutils.dll.mui | wmiutils.dll.mui |
7/9/2020 - 19:46:46.429 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:46.476 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:46.517 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:46.550 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll | System.Management.ni.dll |
7/9/2020 - 19:46:47.66 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:47.99 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll |
7/9/2020 - 19:46:47.132 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll |
7/9/2020 - 19:46:48.960 | Read | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll | System.Data.ni.dll |
7/9/2020 - 19:46:49.76 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.2476.1121640 | |
7/9/2020 - 19:46:49.76 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.2476.1121640 | |
7/9/2020 - 19:46:49.77 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.2476.1121765 | |
7/9/2020 - 19:46:49.78 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\netutils.dll | |
7/9/2020 - 19:46:49.78 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\netutils.dll | |
7/9/2020 - 19:46:49.79 | Open | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\netutils.dll | |
7/9/2020 - 19:46:49.88 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Monitor | |
7/9/2020 - 19:46:49.89 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui | powershell.exe.mui |
7/9/2020 - 19:46:49.89 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 | |
7/9/2020 - 19:46:49.89 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8 | |
7/9/2020 - 19:46:49.89 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:49.89 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:49.90 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\pt-BR\KernelBase.dll.mui | KernelBase.dll.mui |
7/9/2020 - 19:46:49.90 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:49.90 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:49.90 | Unknown | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6 | |
7/9/2020 - 19:46:49.99 | Open | 1480 | C:\malware.exe | C:\ | |
7/9/2020 - 19:46:49.100 | Unknown | 1480 | C:\malware.exe | C:\ | |
7/9/2020 - 19:46:49.100 | Open | 1480 | C:\malware.exe | C:\ | |
7/9/2020 - 19:46:49.100 | Unknown | 1480 | C:\malware.exe | C:\ | |
7/9/2020 - 19:46:49.100 | Open | 1480 | C:\malware.exe | C:\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.100 | Write | 1480 | C:\malware.exe | C:\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.101 | Unknown | 1480 | C:\malware.exe | C:\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.101 | Open | 1480 | C:\malware.exe | C:\ | |
7/9/2020 - 19:46:49.101 | Open | 1480 | C:\malware.exe | C:\Monitor | |
7/9/2020 - 19:46:49.101 | Unknown | 1480 | C:\malware.exe | C:\Monitor | |
7/9/2020 - 19:46:49.101 | Open | 1480 | C:\malware.exe | C:\Monitor | |
7/9/2020 - 19:46:49.101 | Unknown | 1480 | C:\malware.exe | C:\Monitor | |
7/9/2020 - 19:46:49.102 | Open | 1480 | C:\malware.exe | C:\Monitor\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.102 | Write | 1480 | C:\malware.exe | C:\Monitor\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.103 | Unknown | 1480 | C:\malware.exe | C:\Monitor\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.103 | Open | 1480 | C:\malware.exe | C:\Program Files | |
7/9/2020 - 19:46:49.103 | Unknown | 1480 | C:\malware.exe | C:\Program Files | |
7/9/2020 - 19:46:49.103 | Open | 1480 | C:\malware.exe | C:\Program Files | |
7/9/2020 - 19:46:49.103 | Unknown | 1480 | C:\malware.exe | C:\Program Files | |
7/9/2020 - 19:46:49.103 | Open | 1480 | C:\malware.exe | C:\Program Files\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.104 | Write | 1480 | C:\malware.exe | C:\Program Files\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.104 | Unknown | 1480 | C:\malware.exe | C:\Program Files\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.104 | Open | 1480 | C:\malware.exe | C:\Program Files (x86) | |
7/9/2020 - 19:46:49.104 | Unknown | 1480 | C:\malware.exe | C:\Program Files (x86) | |
7/9/2020 - 19:46:49.104 | Open | 1480 | C:\malware.exe | C:\Program Files (x86) | |
7/9/2020 - 19:46:49.104 | Unknown | 1480 | C:\malware.exe | C:\Program Files (x86) | |
7/9/2020 - 19:46:49.104 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.105 | Write | 1480 | C:\malware.exe | C:\Program Files (x86)\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.105 | Unknown | 1480 | C:\malware.exe | C:\Program Files (x86)\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.105 | Open | 1480 | C:\malware.exe | C:\Recovery | |
7/9/2020 - 19:46:49.105 | Unknown | 1480 | C:\malware.exe | C:\Recovery | |
7/9/2020 - 19:46:49.105 | Open | 1480 | C:\malware.exe | C:\Recovery | |
7/9/2020 - 19:46:49.106 | Unknown | 1480 | C:\malware.exe | C:\Recovery | |
7/9/2020 - 19:46:49.106 | Open | 1480 | C:\malware.exe | C:\Recovery\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.106 | Write | 1480 | C:\malware.exe | C:\Recovery\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.106 | Unknown | 1480 | C:\malware.exe | C:\Recovery\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.106 | Open | 1480 | C:\malware.exe | C:\Users | |
7/9/2020 - 19:46:49.122 | Unknown | 1480 | C:\malware.exe | C:\Users | |
7/9/2020 - 19:46:49.122 | Open | 1480 | C:\malware.exe | C:\Users | |
7/9/2020 - 19:46:49.122 | Unknown | 1480 | C:\malware.exe | C:\Users | |
7/9/2020 - 19:46:49.122 | Open | 1480 | C:\malware.exe | C:\Users\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.122 | Write | 1480 | C:\malware.exe | C:\Users\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.123 | Unknown | 1480 | C:\malware.exe | C:\Users\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.123 | Unknown | 1480 | C:\malware.exe | C:\ | |
7/9/2020 - 19:46:49.123 | Open | 1480 | C:\malware.exe | C:\Monitor | |
7/9/2020 - 19:46:49.123 | Open | 1480 | C:\malware.exe | C:\Monitor\Files | |
7/9/2020 - 19:46:49.123 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Files | |
7/9/2020 - 19:46:49.123 | Open | 1480 | C:\malware.exe | C:\Monitor\Files | |
7/9/2020 - 19:46:49.123 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Files | |
7/9/2020 - 19:46:49.123 | Open | 1480 | C:\malware.exe | C:\Monitor\Files\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.124 | Write | 1480 | C:\malware.exe | C:\Monitor\Files\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.124 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Files\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.124 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware | |
7/9/2020 - 19:46:49.124 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware | |
7/9/2020 - 19:46:49.124 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware | |
7/9/2020 - 19:46:49.124 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware | |
7/9/2020 - 19:46:49.125 | Open | 1480 | C:\malware.exe | C:\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.125 | Write | 1480 | C:\malware.exe | C:\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.125 | Unknown | 1480 | C:\malware.exe | C:\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.125 | Open | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:46:49.125 | Unknown | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:46:49.125 | Open | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:46:49.125 | Unknown | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:46:49.125 | Open | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.125 | Write | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.125 | Unknown | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.125 | Unknown | 1480 | C:\malware.exe | C:\Monitor | |
7/9/2020 - 19:46:49.125 | Open | 1480 | C:\malware.exe | C:\Program Files | |
7/9/2020 - 19:46:49.125 | Unknown | 1480 | C:\malware.exe | C:\Program Files | |
7/9/2020 - 19:46:49.125 | Open | 1480 | C:\malware.exe | C:\Program Files (x86) | |
7/9/2020 - 19:46:49.125 | Unknown | 1480 | C:\malware.exe | C:\Program Files (x86) | |
7/9/2020 - 19:46:49.125 | Open | 1480 | C:\malware.exe | C:\Recovery | |
7/9/2020 - 19:46:49.126 | Open | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13 | |
7/9/2020 - 19:46:49.126 | Unknown | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13 | |
7/9/2020 - 19:46:49.126 | Open | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13 | |
7/9/2020 - 19:46:49.126 | Unknown | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13 | |
7/9/2020 - 19:46:49.126 | Open | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.126 | Write | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.127 | Unknown | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.127 | Unknown | 1480 | C:\malware.exe | C:\Recovery | |
7/9/2020 - 19:46:49.127 | Open | 1480 | C:\malware.exe | C:\Users | |
7/9/2020 - 19:46:49.127 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
7/9/2020 - 19:46:49.127 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
7/9/2020 - 19:46:49.127 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
7/9/2020 - 19:46:49.128 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
7/9/2020 - 19:46:49.128 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.128 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.128 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.128 | Open | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:46:49.129 | Unknown | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:46:49.129 | Open | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:46:49.129 | Unknown | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:46:49.129 | Open | 1480 | C:\malware.exe | C:\Users\Default\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.129 | Write | 1480 | C:\malware.exe | C:\Users\Default\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.130 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.130 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
7/9/2020 - 19:46:49.130 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
7/9/2020 - 19:46:49.130 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
7/9/2020 - 19:46:49.130 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
7/9/2020 - 19:46:49.130 | Open | 1480 | C:\malware.exe | C:\Users\Public\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.131 | Write | 1480 | C:\malware.exe | C:\Users\Public\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.131 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.131 | Unknown | 1480 | C:\malware.exe | C:\Users | |
7/9/2020 - 19:46:49.131 | Open | 1480 | C:\malware.exe | C:\Monitor\Files | |
7/9/2020 - 19:46:49.131 | Open | 1480 | C:\malware.exe | C:\Monitor\Files\DeletedFiles | |
7/9/2020 - 19:46:49.131 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Files\DeletedFiles | |
7/9/2020 - 19:46:49.132 | Open | 1480 | C:\malware.exe | C:\Monitor\Files\DeletedFiles | |
7/9/2020 - 19:46:49.132 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Files\DeletedFiles | |
7/9/2020 - 19:46:49.132 | Open | 1480 | C:\malware.exe | C:\Monitor\Files\DeletedFiles\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.132 | Write | 1480 | C:\malware.exe | C:\Monitor\Files\DeletedFiles\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.132 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Files\DeletedFiles\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.132 | Open | 1480 | C:\malware.exe | C:\Monitor\Files\Logs | |
7/9/2020 - 19:46:49.132 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Files\Logs | |
7/9/2020 - 19:46:49.132 | Open | 1480 | C:\malware.exe | C:\Monitor\Files\Logs | |
7/9/2020 - 19:46:49.133 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Files\Logs | |
7/9/2020 - 19:46:49.133 | Open | 1480 | C:\malware.exe | C:\Monitor\Files\Logs\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.134 | Write | 1480 | C:\malware.exe | C:\Monitor\Files\Logs\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.134 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Files\Logs\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.134 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Files | |
7/9/2020 - 19:46:49.134 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware | |
7/9/2020 - 19:46:49.134 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware | |
7/9/2020 - 19:46:49.134 | Open | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:46:49.134 | Open | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | |
7/9/2020 - 19:46:49.134 | Read | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:46:49.134 | Read | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:46:49.166 | Open | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | |
7/9/2020 - 19:46:49.167 | Open | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | |
7/9/2020 - 19:46:49.167 | Read | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:46:49.168 | Open | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | |
7/9/2020 - 19:46:49.169 | Unknown | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:46:49.169 | Open | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13 | |
7/9/2020 - 19:46:49.170 | Open | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi | |
7/9/2020 - 19:46:49.170 | Read | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi | |
7/9/2020 - 19:46:49.171 | Read | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi | |
7/9/2020 - 19:46:49.184 | Open | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi | |
7/9/2020 - 19:46:49.195 | Open | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim | |
7/9/2020 - 19:46:49.195 | Read | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim | |
7/9/2020 - 19:46:49.196 | Read | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim | |
7/9/2020 - 19:46:49.196 | Open | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim | |
7/9/2020 - 19:46:49.198 | Unknown | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13 | |
7/9/2020 - 19:46:49.198 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
7/9/2020 - 19:46:49.199 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts | |
7/9/2020 - 19:46:49.199 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts | |
7/9/2020 - 19:46:49.199 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts | |
7/9/2020 - 19:46:49.199 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts | |
7/9/2020 - 19:46:49.199 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.200 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.200 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.200 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop | |
7/9/2020 - 19:46:49.201 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop | |
7/9/2020 - 19:46:49.201 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop | |
7/9/2020 - 19:46:49.201 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop | |
7/9/2020 - 19:46:49.201 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.202 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.204 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.204 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
7/9/2020 - 19:46:49.205 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
7/9/2020 - 19:46:49.205 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
7/9/2020 - 19:46:49.205 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
7/9/2020 - 19:46:49.205 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.205 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.206 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.206 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads | |
7/9/2020 - 19:46:49.206 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads | |
7/9/2020 - 19:46:49.206 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads | |
7/9/2020 - 19:46:49.207 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads | |
7/9/2020 - 19:46:49.207 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.208 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.208 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.208 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites | |
7/9/2020 - 19:46:49.209 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites | |
7/9/2020 - 19:46:49.209 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites | |
7/9/2020 - 19:46:49.209 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites | |
7/9/2020 - 19:46:49.210 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.210 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.211 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.211 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
7/9/2020 - 19:46:49.211 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
7/9/2020 - 19:46:49.211 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
7/9/2020 - 19:46:49.212 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
7/9/2020 - 19:46:49.212 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.213 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.213 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.213 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Music | |
7/9/2020 - 19:46:49.214 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Music | |
7/9/2020 - 19:46:49.214 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Music | |
7/9/2020 - 19:46:49.214 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Music | |
7/9/2020 - 19:46:49.214 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Music\43cd2k60-readme.txt | |
7/9/2020 - 19:46:49.215 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:46:49.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:49.216 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:49.216 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll | |
7/9/2020 - 19:46:49.217 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll | |
7/9/2020 - 19:46:49.280 | Read | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:46:49.280 | Read | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:46:49.281 | Read | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi | |
7/9/2020 - 19:46:49.281 | Read | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi | |
7/9/2020 - 19:46:49.335 | Read | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim | |
7/9/2020 - 19:46:49.335 | Read | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim | |
7/9/2020 - 19:46:49.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | |
7/9/2020 - 19:46:49.372 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll |
7/9/2020 - 19:46:49.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | |
7/9/2020 - 19:46:49.373 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll |
7/9/2020 - 19:46:49.380 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:49.380 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:49.380 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:49.391 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:49.393 | Write | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:46:49.393 | Write | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:46:49.403 | Write | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi | |
7/9/2020 - 19:46:49.412 | Write | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim | |
7/9/2020 - 19:46:49.413 | Write | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:46:49.413 | Write | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:46:49.413 | Write | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi | |
7/9/2020 - 19:46:49.413 | Write | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim | |
7/9/2020 - 19:46:49.413 | Unknown | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:46:49.413 | Open | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | |
7/9/2020 - 19:46:49.414 | Open | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:46:49.414 | Unknown | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:46:49.414 | Unknown | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:46:49.451 | Unknown | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi | |
7/9/2020 - 19:46:49.451 | Open | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi | |
7/9/2020 - 19:46:49.451 | Open | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13 | |
7/9/2020 - 19:46:49.451 | Unknown | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi | |
7/9/2020 - 19:46:49.452 | Unknown | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:46:49.452 | Open | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | |
7/9/2020 - 19:46:49.452 | Open | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:46:49.452 | Unknown | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:46:49.453 | Unknown | 1480 | C:\malware.exe | C:\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:46:49.488 | Unknown | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13 | |
7/9/2020 - 19:46:49.488 | Unknown | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim | |
7/9/2020 - 19:46:49.489 | Open | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim | |
7/9/2020 - 19:46:49.489 | Open | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13 | |
7/9/2020 - 19:46:49.489 | Unknown | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim | |
7/9/2020 - 19:46:49.489 | Unknown | 1480 | C:\malware.exe | C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13 | |
7/9/2020 - 19:46:50.396 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:50.399 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:50.399 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:50.400 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:50.452 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:51.470 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:51.475 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:51.475 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:51.475 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:51.519 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:52.535 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:52.535 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:52.535 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:52.538 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:52.538 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:52.539 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:52.579 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:52.579 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:52.579 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:52.620 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:46:53.649 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:53.652 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:53.652 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:53.652 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:53.693 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:53.693 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:53.693 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:53.731 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:46:54.740 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:54.742 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:54.743 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:54.743 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:54.783 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:54.783 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:54.783 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:54.821 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:46:55.830 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:55.831 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:55.831 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:55.833 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:55.833 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:55.833 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:55.875 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:55.875 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:55.876 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:55.916 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:46:55.916 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:55.917 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:55.958 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:46:56.979 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:56.981 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:56.981 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:56.982 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:57.22 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:57.22 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:57.22 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:57.60 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:46:57.60 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:57.60 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:57.99 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:46:58.112 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:58.116 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:58.116 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:58.116 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:58.159 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:58.160 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:58.160 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:58.203 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:46:58.203 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:58.203 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:58.280 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:46:59.324 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:59.324 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:46:59.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:46:59.327 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:59.328 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:59.328 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:59.412 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:46:59.413 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:59.414 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:46:59.458 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:46:59.458 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:59.458 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:46:59.501 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:46:59.502 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:46:59.502 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:46:59.578 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:0.615 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:0.620 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:0.620 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:0.620 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:0.671 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:0.671 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:0.671 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:0.711 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:0.711 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:0.712 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:0.784 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:0.784 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:0.784 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:0.825 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:1.860 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:1.863 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:1.863 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:1.864 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:1.904 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:1.904 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:1.905 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:1.945 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:1.945 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:1.946 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:1.986 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:1.986 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:1.987 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:2.58 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:3.69 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:3.70 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures | |
7/9/2020 - 19:47:3.71 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures | |
7/9/2020 - 19:47:3.71 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures | |
7/9/2020 - 19:47:3.71 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures | |
7/9/2020 - 19:47:3.71 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.72 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.73 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.73 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games | |
7/9/2020 - 19:47:3.73 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games | |
7/9/2020 - 19:47:3.73 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games | |
7/9/2020 - 19:47:3.74 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games | |
7/9/2020 - 19:47:3.74 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.74 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.75 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.75 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches | |
7/9/2020 - 19:47:3.75 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches | |
7/9/2020 - 19:47:3.76 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches | |
7/9/2020 - 19:47:3.76 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches | |
7/9/2020 - 19:47:3.76 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.144 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.145 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.145 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Videos | |
7/9/2020 - 19:47:3.145 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Videos | |
7/9/2020 - 19:47:3.145 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Videos | |
7/9/2020 - 19:47:3.146 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Videos | |
7/9/2020 - 19:47:3.146 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.146 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.147 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.147 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
7/9/2020 - 19:47:3.148 | Open | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:47:3.148 | Open | 1480 | C:\malware.exe | C:\Users\Default\Desktop | |
7/9/2020 - 19:47:3.148 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Desktop | |
7/9/2020 - 19:47:3.149 | Open | 1480 | C:\malware.exe | C:\Users\Default\Desktop | |
7/9/2020 - 19:47:3.149 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Desktop | |
7/9/2020 - 19:47:3.149 | Open | 1480 | C:\malware.exe | C:\Users\Default\Desktop\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.149 | Write | 1480 | C:\malware.exe | C:\Users\Default\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.150 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.150 | Open | 1480 | C:\malware.exe | C:\Users\Default\Documents | |
7/9/2020 - 19:47:3.150 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Documents | |
7/9/2020 - 19:47:3.151 | Open | 1480 | C:\malware.exe | C:\Users\Default\Documents | |
7/9/2020 - 19:47:3.151 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Documents | |
7/9/2020 - 19:47:3.151 | Read | 1480 | C:\malware.exe | C:\Users\Default\Documents | |
7/9/2020 - 19:47:3.151 | Open | 1480 | C:\malware.exe | C:\Users\Default\Documents\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.213 | Write | 1480 | C:\malware.exe | C:\Users\Default\Documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.213 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.213 | Open | 1480 | C:\malware.exe | C:\Users\Default\Downloads | |
7/9/2020 - 19:47:3.214 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Downloads | |
7/9/2020 - 19:47:3.215 | Open | 1480 | C:\malware.exe | C:\Users\Default\Downloads | |
7/9/2020 - 19:47:3.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Downloads | |
7/9/2020 - 19:47:3.215 | Open | 1480 | C:\malware.exe | C:\Users\Default\Downloads\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.265 | Write | 1480 | C:\malware.exe | C:\Users\Default\Downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.265 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.265 | Open | 1480 | C:\malware.exe | C:\Users\Default\Favorites | |
7/9/2020 - 19:47:3.321 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Favorites | |
7/9/2020 - 19:47:3.321 | Open | 1480 | C:\malware.exe | C:\Users\Default\Favorites | |
7/9/2020 - 19:47:3.321 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Favorites | |
7/9/2020 - 19:47:3.321 | Open | 1480 | C:\malware.exe | C:\Users\Default\Favorites\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.322 | Write | 1480 | C:\malware.exe | C:\Users\Default\Favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.322 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.322 | Open | 1480 | C:\malware.exe | C:\Users\Default\Links | |
7/9/2020 - 19:47:3.323 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Links | |
7/9/2020 - 19:47:3.323 | Open | 1480 | C:\malware.exe | C:\Users\Default\Links | |
7/9/2020 - 19:47:3.323 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Links | |
7/9/2020 - 19:47:3.323 | Open | 1480 | C:\malware.exe | C:\Users\Default\Links\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.324 | Write | 1480 | C:\malware.exe | C:\Users\Default\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.324 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.324 | Open | 1480 | C:\malware.exe | C:\Users\Default\Music | |
7/9/2020 - 19:47:3.324 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Music | |
7/9/2020 - 19:47:3.325 | Open | 1480 | C:\malware.exe | C:\Users\Default\Music | |
7/9/2020 - 19:47:3.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Music | |
7/9/2020 - 19:47:3.325 | Open | 1480 | C:\malware.exe | C:\Users\Default\Music\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.325 | Write | 1480 | C:\malware.exe | C:\Users\Default\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.326 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.326 | Open | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT.LOG1 | |
7/9/2020 - 19:47:3.326 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT.LOG1 | NTUSER.DAT.LOG1 |
7/9/2020 - 19:47:3.326 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT.LOG1 | NTUSER.DAT.LOG1 |
7/9/2020 - 19:47:3.327 | Open | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT.LOG1 | |
7/9/2020 - 19:47:3.329 | Open | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:3.329 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:3.329 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:3.330 | Open | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:3.331 | Open | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:3.332 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:3.332 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:3.332 | Open | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:3.333 | Open | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:3.334 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:3.334 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:3.334 | Open | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:3.336 | Open | 1480 | C:\malware.exe | C:\Users\Default\Pictures | |
7/9/2020 - 19:47:3.337 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Pictures | |
7/9/2020 - 19:47:3.337 | Open | 1480 | C:\malware.exe | C:\Users\Default\Pictures | |
7/9/2020 - 19:47:3.337 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Pictures | |
7/9/2020 - 19:47:3.337 | Open | 1480 | C:\malware.exe | C:\Users\Default\Pictures\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.338 | Write | 1480 | C:\malware.exe | C:\Users\Default\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.339 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.339 | Open | 1480 | C:\malware.exe | C:\Users\Default\Saved Games | |
7/9/2020 - 19:47:3.339 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Saved Games | |
7/9/2020 - 19:47:3.339 | Open | 1480 | C:\malware.exe | C:\Users\Default\Saved Games | |
7/9/2020 - 19:47:3.340 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Saved Games | |
7/9/2020 - 19:47:3.340 | Open | 1480 | C:\malware.exe | C:\Users\Default\Saved Games\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.340 | Write | 1480 | C:\malware.exe | C:\Users\Default\Saved Games\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.341 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Saved Games\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.341 | Open | 1480 | C:\malware.exe | C:\Users\Default\Videos | |
7/9/2020 - 19:47:3.341 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Videos | |
7/9/2020 - 19:47:3.341 | Open | 1480 | C:\malware.exe | C:\Users\Default\Videos | |
7/9/2020 - 19:47:3.342 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Videos | |
7/9/2020 - 19:47:3.342 | Open | 1480 | C:\malware.exe | C:\Users\Default\Videos\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.342 | Write | 1480 | C:\malware.exe | C:\Users\Default\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.343 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.343 | Unknown | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:47:3.343 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
7/9/2020 - 19:47:3.343 | Open | 1480 | C:\malware.exe | C:\Users\Public\Desktop | |
7/9/2020 - 19:47:3.343 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Desktop | |
7/9/2020 - 19:47:3.344 | Open | 1480 | C:\malware.exe | C:\Users\Public\Desktop | |
7/9/2020 - 19:47:3.344 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Desktop | |
7/9/2020 - 19:47:3.344 | Open | 1480 | C:\malware.exe | C:\Users\Public\Desktop\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.344 | Write | 1480 | C:\malware.exe | C:\Users\Public\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.346 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.346 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
7/9/2020 - 19:47:3.346 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
7/9/2020 - 19:47:3.346 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
7/9/2020 - 19:47:3.347 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
7/9/2020 - 19:47:3.347 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.348 | Write | 1480 | C:\malware.exe | C:\Users\Public\Documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.348 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.348 | Open | 1480 | C:\malware.exe | C:\Users\Public\Downloads | |
7/9/2020 - 19:47:3.349 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Downloads | |
7/9/2020 - 19:47:3.349 | Open | 1480 | C:\malware.exe | C:\Users\Public\Downloads | |
7/9/2020 - 19:47:3.349 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Downloads | |
7/9/2020 - 19:47:3.349 | Open | 1480 | C:\malware.exe | C:\Users\Public\Downloads\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.350 | Write | 1480 | C:\malware.exe | C:\Users\Public\Downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.350 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.350 | Open | 1480 | C:\malware.exe | C:\Users\Public\Favorites | |
7/9/2020 - 19:47:3.351 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Favorites | |
7/9/2020 - 19:47:3.351 | Open | 1480 | C:\malware.exe | C:\Users\Public\Favorites | |
7/9/2020 - 19:47:3.351 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Favorites | |
7/9/2020 - 19:47:3.351 | Open | 1480 | C:\malware.exe | C:\Users\Public\Favorites\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.352 | Write | 1480 | C:\malware.exe | C:\Users\Public\Favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.352 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.352 | Open | 1480 | C:\malware.exe | C:\Users\Public\Libraries | |
7/9/2020 - 19:47:3.353 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Libraries | |
7/9/2020 - 19:47:3.353 | Open | 1480 | C:\malware.exe | C:\Users\Public\Libraries | |
7/9/2020 - 19:47:3.353 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Libraries | |
7/9/2020 - 19:47:3.353 | Open | 1480 | C:\malware.exe | C:\Users\Public\Libraries\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.354 | Write | 1480 | C:\malware.exe | C:\Users\Public\Libraries\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.354 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Libraries\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.354 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music | |
7/9/2020 - 19:47:3.354 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music | |
7/9/2020 - 19:47:3.355 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music | |
7/9/2020 - 19:47:3.355 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music | |
7/9/2020 - 19:47:3.355 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.356 | Write | 1480 | C:\malware.exe | C:\Users\Public\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.356 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.356 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures | |
7/9/2020 - 19:47:3.357 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures | |
7/9/2020 - 19:47:3.357 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures | |
7/9/2020 - 19:47:3.357 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures | |
7/9/2020 - 19:47:3.357 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.358 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.358 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.358 | Open | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV | |
7/9/2020 - 19:47:3.359 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV | |
7/9/2020 - 19:47:3.359 | Open | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV | |
7/9/2020 - 19:47:3.359 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV | |
7/9/2020 - 19:47:3.359 | Open | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.361 | Write | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.362 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.362 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos | |
7/9/2020 - 19:47:3.362 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos | |
7/9/2020 - 19:47:3.363 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos | |
7/9/2020 - 19:47:3.363 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos | |
7/9/2020 - 19:47:3.363 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.363 | Write | 1480 | C:\malware.exe | C:\Users\Public\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.364 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.364 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
7/9/2020 - 19:47:3.364 | Open | 1480 | C:\malware.exe | C:\Monitor\Files\DeletedFiles | |
7/9/2020 - 19:47:3.364 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Files\DeletedFiles | |
7/9/2020 - 19:47:3.364 | Open | 1480 | C:\malware.exe | C:\Monitor\Files\Logs | |
7/9/2020 - 19:47:3.365 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Files\Logs | |
7/9/2020 - 19:47:3.365 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts | |
7/9/2020 - 19:47:3.365 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\Behemot.contact | |
7/9/2020 - 19:47:3.365 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\Behemot.contact | Behemot.contact |
7/9/2020 - 19:47:3.365 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\Behemot.contact | Behemot.contact |
7/9/2020 - 19:47:3.366 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\Behemot.contact | |
7/9/2020 - 19:47:3.368 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts | |
7/9/2020 - 19:47:3.368 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop | |
7/9/2020 - 19:47:3.368 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop | |
7/9/2020 - 19:47:3.368 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
7/9/2020 - 19:47:3.368 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
7/9/2020 - 19:47:3.368 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads | |
7/9/2020 - 19:47:3.369 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor | |
7/9/2020 - 19:47:3.369 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor | |
7/9/2020 - 19:47:3.369 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor | |
7/9/2020 - 19:47:3.370 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor | |
7/9/2020 - 19:47:3.370 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.371 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.371 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.371 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor.zip | |
7/9/2020 - 19:47:3.371 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor.zip | |
7/9/2020 - 19:47:3.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor.zip | |
7/9/2020 - 19:47:3.374 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads | |
7/9/2020 - 19:47:3.374 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites | |
7/9/2020 - 19:47:3.374 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links | |
7/9/2020 - 19:47:3.375 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links | |
7/9/2020 - 19:47:3.375 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links | |
7/9/2020 - 19:47:3.375 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links | |
7/9/2020 - 19:47:3.375 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.375 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.376 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.376 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:47:3.376 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:47:3.377 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:47:3.377 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:47:3.377 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.377 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.378 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.378 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites | |
7/9/2020 - 19:47:3.378 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
7/9/2020 - 19:47:3.378 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
7/9/2020 - 19:47:3.378 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Music | |
7/9/2020 - 19:47:3.379 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Music | |
7/9/2020 - 19:47:3.379 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures | |
7/9/2020 - 19:47:3.379 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures | |
7/9/2020 - 19:47:3.379 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games | |
7/9/2020 - 19:47:3.379 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games | |
7/9/2020 - 19:47:3.379 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches | |
7/9/2020 - 19:47:3.380 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | |
7/9/2020 - 19:47:3.380 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | Everywhere.search-ms |
7/9/2020 - 19:47:3.380 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | Everywhere.search-ms |
7/9/2020 - 19:47:3.380 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | |
7/9/2020 - 19:47:3.380 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | |
7/9/2020 - 19:47:3.381 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | Everywhere.search-ms |
7/9/2020 - 19:47:3.381 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | |
7/9/2020 - 19:47:3.381 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | Everywhere.search-ms |
7/9/2020 - 19:47:3.381 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | |
7/9/2020 - 19:47:3.382 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | Everywhere.search-ms |
7/9/2020 - 19:47:3.382 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | |
7/9/2020 - 19:47:3.382 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | Everywhere.search-ms |
7/9/2020 - 19:47:3.382 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | Everywhere.search-ms |
7/9/2020 - 19:47:3.382 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | |
7/9/2020 - 19:47:3.433 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT.LOG1 | NTUSER.DAT.LOG1 |
7/9/2020 - 19:47:3.433 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT.LOG1 | NTUSER.DAT.LOG1 |
7/9/2020 - 19:47:3.434 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | |
7/9/2020 - 19:47:3.434 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | Indexed Locations.search-ms |
7/9/2020 - 19:47:3.434 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | |
7/9/2020 - 19:47:3.435 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | |
7/9/2020 - 19:47:3.435 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | Indexed Locations.search-ms |
7/9/2020 - 19:47:3.435 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | |
7/9/2020 - 19:47:3.436 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | Indexed Locations.search-ms |
7/9/2020 - 19:47:3.436 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | |
7/9/2020 - 19:47:3.436 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | Indexed Locations.search-ms |
7/9/2020 - 19:47:3.436 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | |
7/9/2020 - 19:47:3.437 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | Indexed Locations.search-ms |
7/9/2020 - 19:47:3.437 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | Indexed Locations.search-ms |
7/9/2020 - 19:47:3.437 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | |
7/9/2020 - 19:47:3.439 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches | |
7/9/2020 - 19:47:3.439 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Videos | |
7/9/2020 - 19:47:3.439 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Videos | |
7/9/2020 - 19:47:3.439 | Open | 1480 | C:\malware.exe | C:\Users\Default\Desktop | |
7/9/2020 - 19:47:3.440 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Desktop | |
7/9/2020 - 19:47:3.440 | Open | 1480 | C:\malware.exe | C:\Users\Default\Documents | |
7/9/2020 - 19:47:3.440 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Documents | |
7/9/2020 - 19:47:3.440 | Open | 1480 | C:\malware.exe | C:\Users\Default\Downloads | |
7/9/2020 - 19:47:3.440 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Downloads | |
7/9/2020 - 19:47:3.440 | Open | 1480 | C:\malware.exe | C:\Users\Default\Favorites | |
7/9/2020 - 19:47:3.441 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Favorites | |
7/9/2020 - 19:47:3.441 | Open | 1480 | C:\malware.exe | C:\Users\Default\Links | |
7/9/2020 - 19:47:3.441 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Links | |
7/9/2020 - 19:47:3.441 | Open | 1480 | C:\malware.exe | C:\Users\Default\Music | |
7/9/2020 - 19:47:3.441 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Music | |
7/9/2020 - 19:47:3.441 | Open | 1480 | C:\malware.exe | C:\Users\Default\Pictures | |
7/9/2020 - 19:47:3.442 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Pictures | |
7/9/2020 - 19:47:3.442 | Open | 1480 | C:\malware.exe | C:\Users\Default\Saved Games | |
7/9/2020 - 19:47:3.442 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Saved Games | |
7/9/2020 - 19:47:3.442 | Open | 1480 | C:\malware.exe | C:\Users\Default\Videos | |
7/9/2020 - 19:47:3.442 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\Videos | |
7/9/2020 - 19:47:3.442 | Open | 1480 | C:\malware.exe | C:\Users\Public\Desktop | |
7/9/2020 - 19:47:3.442 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Desktop | |
7/9/2020 - 19:47:3.443 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
7/9/2020 - 19:47:3.443 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
7/9/2020 - 19:47:3.443 | Open | 1480 | C:\malware.exe | C:\Users\Public\Downloads | |
7/9/2020 - 19:47:3.443 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Downloads | |
7/9/2020 - 19:47:3.443 | Open | 1480 | C:\malware.exe | C:\Users\Public\Favorites | |
7/9/2020 - 19:47:3.443 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Favorites | |
7/9/2020 - 19:47:3.444 | Open | 1480 | C:\malware.exe | C:\Users\Public\Libraries | |
7/9/2020 - 19:47:3.444 | Open | 1480 | C:\malware.exe | C:\Users\Public\Libraries\RecordedTV.library-ms | |
7/9/2020 - 19:47:3.444 | Read | 1480 | C:\malware.exe | C:\Users\Public\Libraries\RecordedTV.library-ms | RecordedTV.library-ms |
7/9/2020 - 19:47:3.444 | Read | 1480 | C:\malware.exe | C:\Users\Public\Libraries\RecordedTV.library-ms | RecordedTV.library-ms |
7/9/2020 - 19:47:3.445 | Open | 1480 | C:\malware.exe | C:\Users\Public\Libraries\RecordedTV.library-ms | |
7/9/2020 - 19:47:3.447 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Libraries | |
7/9/2020 - 19:47:3.447 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music | |
7/9/2020 - 19:47:3.447 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music | |
7/9/2020 - 19:47:3.447 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music | |
7/9/2020 - 19:47:3.448 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music | |
7/9/2020 - 19:47:3.448 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music | |
7/9/2020 - 19:47:3.448 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.449 | Write | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.449 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.449 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music | |
7/9/2020 - 19:47:3.449 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures | |
7/9/2020 - 19:47:3.449 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:3.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:3.450 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:3.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:3.451 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.451 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.452 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.452 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures | |
7/9/2020 - 19:47:3.452 | Open | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV | |
7/9/2020 - 19:47:3.452 | Open | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media | |
7/9/2020 - 19:47:3.454 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media | |
7/9/2020 - 19:47:3.454 | Open | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media | |
7/9/2020 - 19:47:3.454 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media | |
7/9/2020 - 19:47:3.455 | Open | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.461 | Write | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.462 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.462 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV | |
7/9/2020 - 19:47:3.462 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos | |
7/9/2020 - 19:47:3.462 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos | |
7/9/2020 - 19:47:3.463 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos | |
7/9/2020 - 19:47:3.463 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos | |
7/9/2020 - 19:47:3.463 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos | |
7/9/2020 - 19:47:3.463 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.464 | Write | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.464 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.464 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos | |
7/9/2020 - 19:47:3.464 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor | |
7/9/2020 - 19:47:3.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor | |
7/9/2020 - 19:47:3.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor | |
7/9/2020 - 19:47:3.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor | |
7/9/2020 - 19:47:3.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor | |
7/9/2020 - 19:47:3.466 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.466 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.466 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.467 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor | |
7/9/2020 - 19:47:3.467 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links | |
7/9/2020 - 19:47:3.467 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url | |
7/9/2020 - 19:47:3.467 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url | Galeria do Web Slice.url |
7/9/2020 - 19:47:3.467 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url | |
7/9/2020 - 19:47:3.469 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url | |
7/9/2020 - 19:47:3.469 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url | Sites Sugeridos.url |
7/9/2020 - 19:47:3.470 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url | |
7/9/2020 - 19:47:3.472 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links | |
7/9/2020 - 19:47:3.472 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:47:3.472 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url | |
7/9/2020 - 19:47:3.472 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url | Microsoft Brasil.url |
7/9/2020 - 19:47:3.472 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url | |
7/9/2020 - 19:47:3.474 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url | |
7/9/2020 - 19:47:3.474 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url | MSN Brasil.url |
7/9/2020 - 19:47:3.474 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url | |
7/9/2020 - 19:47:3.512 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:3.512 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:3.476 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url | |
7/9/2020 - 19:47:3.516 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url | Windows Brasil.url |
7/9/2020 - 19:47:3.516 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url | |
7/9/2020 - 19:47:3.522 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:47:3.522 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music | |
7/9/2020 - 19:47:3.522 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | |
7/9/2020 - 19:47:3.523 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | |
7/9/2020 - 19:47:3.523 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | |
7/9/2020 - 19:47:3.537 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | |
7/9/2020 - 19:47:3.540 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | |
7/9/2020 - 19:47:3.541 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | Maid with the Flaxen Hair.mp3 |
7/9/2020 - 19:47:3.541 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | Maid with the Flaxen Hair.mp3 |
7/9/2020 - 19:47:3.541 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | |
7/9/2020 - 19:47:3.542 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | |
7/9/2020 - 19:47:3.542 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | Sleep Away.mp3 |
7/9/2020 - 19:47:3.542 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | Sleep Away.mp3 |
7/9/2020 - 19:47:3.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | |
7/9/2020 - 19:47:3.545 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music | |
7/9/2020 - 19:47:3.545 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:3.545 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | |
7/9/2020 - 19:47:3.545 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | Chrysanthemum.jpg |
7/9/2020 - 19:47:3.545 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | Chrysanthemum.jpg |
7/9/2020 - 19:47:3.546 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | |
7/9/2020 - 19:47:3.548 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | |
7/9/2020 - 19:47:3.549 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | |
7/9/2020 - 19:47:3.549 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | |
7/9/2020 - 19:47:3.549 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | |
7/9/2020 - 19:47:3.551 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | |
7/9/2020 - 19:47:3.552 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | Hydrangeas.jpg |
7/9/2020 - 19:47:3.552 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | Hydrangeas.jpg |
7/9/2020 - 19:47:3.552 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | |
7/9/2020 - 19:47:3.554 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | |
7/9/2020 - 19:47:3.554 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | Jellyfish.jpg |
7/9/2020 - 19:47:3.554 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | Jellyfish.jpg |
7/9/2020 - 19:47:3.555 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | |
7/9/2020 - 19:47:3.557 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | |
7/9/2020 - 19:47:3.557 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | |
7/9/2020 - 19:47:3.557 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | |
7/9/2020 - 19:47:3.557 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | |
7/9/2020 - 19:47:3.559 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | |
7/9/2020 - 19:47:3.560 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | Lighthouse.jpg |
7/9/2020 - 19:47:3.560 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | Lighthouse.jpg |
7/9/2020 - 19:47:3.560 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | |
7/9/2020 - 19:47:3.562 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | |
7/9/2020 - 19:47:3.563 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | |
7/9/2020 - 19:47:3.563 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | |
7/9/2020 - 19:47:3.563 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | |
7/9/2020 - 19:47:3.565 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | |
7/9/2020 - 19:47:3.566 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | |
7/9/2020 - 19:47:3.566 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | |
7/9/2020 - 19:47:3.566 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | |
7/9/2020 - 19:47:3.593 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:3.593 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:3.594 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:3.595 | Open | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media | |
7/9/2020 - 19:47:3.595 | Open | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | |
7/9/2020 - 19:47:3.629 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:3.629 | Read | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:3.629 | Read | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | win7_scenic-demoshort_raw.wtv |
7/9/2020 - 19:47:3.630 | Read | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | win7_scenic-demoshort_raw.wtv |
7/9/2020 - 19:47:3.665 | Open | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | |
7/9/2020 - 19:47:3.666 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media | |
7/9/2020 - 19:47:3.666 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos | |
7/9/2020 - 19:47:3.666 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | |
7/9/2020 - 19:47:3.667 | Read | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | |
7/9/2020 - 19:47:3.667 | Read | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | |
7/9/2020 - 19:47:3.667 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | |
7/9/2020 - 19:47:3.669 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos | |
7/9/2020 - 19:47:3.669 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor | |
7/9/2020 - 19:47:3.669 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files | |
7/9/2020 - 19:47:3.670 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files | |
7/9/2020 - 19:47:3.670 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files | |
7/9/2020 - 19:47:3.671 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files | |
7/9/2020 - 19:47:3.671 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.671 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.671 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.672 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Malware | |
7/9/2020 - 19:47:3.672 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Malware | |
7/9/2020 - 19:47:3.672 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Malware | |
7/9/2020 - 19:47:3.672 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Malware | |
7/9/2020 - 19:47:3.673 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Malware\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.673 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Malware\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.673 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Malware\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.673 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:47:3.674 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:47:3.674 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:47:3.674 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:47:3.675 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:47:3.674 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.675 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.675 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.675 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor | |
7/9/2020 - 19:47:3.676 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files | |
7/9/2020 - 19:47:3.676 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles | |
7/9/2020 - 19:47:3.676 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles | |
7/9/2020 - 19:47:3.676 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles | |
7/9/2020 - 19:47:3.677 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles | |
7/9/2020 - 19:47:3.677 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.677 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.678 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.678 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs | |
7/9/2020 - 19:47:3.678 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs | |
7/9/2020 - 19:47:3.678 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs | |
7/9/2020 - 19:47:3.679 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs | |
7/9/2020 - 19:47:3.679 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs\43cd2k60-readme.txt | |
7/9/2020 - 19:47:3.679 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.680 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:3.680 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files | |
7/9/2020 - 19:47:3.680 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Malware | |
7/9/2020 - 19:47:3.680 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Malware | |
7/9/2020 - 19:47:3.680 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:47:3.680 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | |
7/9/2020 - 19:47:3.681 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:47:3.681 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:47:3.667 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\Behemot.contact | Behemot.contact |
7/9/2020 - 19:47:3.681 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | |
7/9/2020 - 19:47:3.683 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | |
7/9/2020 - 19:47:3.683 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:47:3.683 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:47:3.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | |
7/9/2020 - 19:47:3.686 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:47:3.686 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles | |
7/9/2020 - 19:47:3.686 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles | |
7/9/2020 - 19:47:3.686 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs | |
7/9/2020 - 19:47:3.686 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs | |
7/9/2020 - 19:47:3.684 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\Behemot.contact | Behemot.contact |
7/9/2020 - 19:47:3.688 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\drprov.dll | |
7/9/2020 - 19:47:3.689 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\drprov.dll | |
7/9/2020 - 19:47:3.692 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winsta.dll | |
7/9/2020 - 19:47:3.692 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winsta.dll | |
7/9/2020 - 19:47:3.693 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntlanman.dll | |
7/9/2020 - 19:47:3.694 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntlanman.dll | |
7/9/2020 - 19:47:3.697 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\davclnt.dll | |
7/9/2020 - 19:47:3.698 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\davclnt.dll | |
7/9/2020 - 19:47:3.701 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\davhlpr.dll | |
7/9/2020 - 19:47:3.701 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\davhlpr.dll | |
7/9/2020 - 19:47:3.741 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor.zip | |
7/9/2020 - 19:47:3.741 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor.zip | |
7/9/2020 - 19:47:3.774 | Write | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT.LOG1 | NTUSER.DAT.LOG1 |
7/9/2020 - 19:47:3.774 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | Everywhere.search-ms |
7/9/2020 - 19:47:3.774 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | Indexed Locations.search-ms |
7/9/2020 - 19:47:3.774 | Read | 1480 | C:\malware.exe | C:\Users\Public\Libraries\RecordedTV.library-ms | RecordedTV.library-ms |
7/9/2020 - 19:47:3.774 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url | Galeria do Web Slice.url |
7/9/2020 - 19:47:3.774 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url | Galeria do Web Slice.url |
7/9/2020 - 19:47:3.775 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url | Sites Sugeridos.url |
7/9/2020 - 19:47:3.775 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url | Microsoft Brasil.url |
7/9/2020 - 19:47:3.775 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url | Microsoft Brasil.url |
7/9/2020 - 19:47:3.775 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url | MSN Brasil.url |
7/9/2020 - 19:47:3.775 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url | MSN Brasil.url |
7/9/2020 - 19:47:3.776 | Write | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:3.776 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url | Windows Brasil.url |
7/9/2020 - 19:47:3.776 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url | Windows Brasil.url |
7/9/2020 - 19:47:3.777 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | |
7/9/2020 - 19:47:3.777 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | |
7/9/2020 - 19:47:3.821 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | Maid with the Flaxen Hair.mp3 |
7/9/2020 - 19:47:3.822 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | Maid with the Flaxen Hair.mp3 |
7/9/2020 - 19:47:3.825 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | Sleep Away.mp3 |
7/9/2020 - 19:47:3.825 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | Sleep Away.mp3 |
7/9/2020 - 19:47:3.865 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | Chrysanthemum.jpg |
7/9/2020 - 19:47:3.866 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | Chrysanthemum.jpg |
7/9/2020 - 19:47:3.869 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | |
7/9/2020 - 19:47:3.870 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | |
7/9/2020 - 19:47:3.878 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | Hydrangeas.jpg |
7/9/2020 - 19:47:3.884 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | Hydrangeas.jpg |
7/9/2020 - 19:47:3.886 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | Jellyfish.jpg |
7/9/2020 - 19:47:3.886 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | Jellyfish.jpg |
7/9/2020 - 19:47:3.888 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | |
7/9/2020 - 19:47:3.888 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | |
7/9/2020 - 19:47:3.891 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | Lighthouse.jpg |
7/9/2020 - 19:47:3.891 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | Lighthouse.jpg |
7/9/2020 - 19:47:3.894 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | |
7/9/2020 - 19:47:3.895 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | |
7/9/2020 - 19:47:3.901 | Write | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:3.903 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | |
7/9/2020 - 19:47:3.904 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | |
7/9/2020 - 19:47:3.909 | Write | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:3.912 | Read | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | win7_scenic-demoshort_raw.wtv |
7/9/2020 - 19:47:3.915 | Read | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | win7_scenic-demoshort_raw.wtv |
7/9/2020 - 19:47:3.916 | Read | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | |
7/9/2020 - 19:47:3.917 | Read | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | |
7/9/2020 - 19:47:3.926 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:47:3.926 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:47:3.927 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\Behemot.contact | Behemot.contact |
7/9/2020 - 19:47:3.928 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor.zip | |
7/9/2020 - 19:47:3.928 | Write | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT.LOG1 | NTUSER.DAT.LOG1 |
7/9/2020 - 19:47:3.929 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | Everywhere.search-ms |
7/9/2020 - 19:47:3.929 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | Indexed Locations.search-ms |
7/9/2020 - 19:47:3.929 | Write | 1480 | C:\malware.exe | C:\Users\Public\Libraries\RecordedTV.library-ms | RecordedTV.library-ms |
7/9/2020 - 19:47:3.929 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url | Galeria do Web Slice.url |
7/9/2020 - 19:47:3.929 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url | Sites Sugeridos.url |
7/9/2020 - 19:47:3.929 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url | Microsoft Brasil.url |
7/9/2020 - 19:47:3.929 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url | MSN Brasil.url |
7/9/2020 - 19:47:3.929 | Write | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:3.930 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url | Windows Brasil.url |
7/9/2020 - 19:47:3.941 | Write | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | |
7/9/2020 - 19:47:3.953 | Write | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | Maid with the Flaxen Hair.mp3 |
7/9/2020 - 19:47:4.2 | Write | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | Sleep Away.mp3 |
7/9/2020 - 19:47:4.10 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | Chrysanthemum.jpg |
7/9/2020 - 19:47:4.18 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | |
7/9/2020 - 19:47:4.23 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | Hydrangeas.jpg |
7/9/2020 - 19:47:4.63 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | Jellyfish.jpg |
7/9/2020 - 19:47:4.70 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | |
7/9/2020 - 19:47:4.75 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | Lighthouse.jpg |
7/9/2020 - 19:47:4.76 | Write | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:4.83 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | |
7/9/2020 - 19:47:4.83 | Write | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:4.88 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | |
7/9/2020 - 19:47:4.132 | Write | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | win7_scenic-demoshort_raw.wtv |
7/9/2020 - 19:47:4.133 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:47:4.133 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:47:4.133 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\Behemot.contact | Behemot.contact |
7/9/2020 - 19:47:4.133 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor.zip | |
7/9/2020 - 19:47:4.134 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT.LOG1 | NTUSER.DAT.LOG1 |
7/9/2020 - 19:47:4.134 | Open | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT.LOG1 | |
7/9/2020 - 19:47:4.134 | Open | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:47:4.134 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT.LOG1 | NTUSER.DAT.LOG1 |
7/9/2020 - 19:47:4.135 | Unknown | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:47:4.135 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | Everywhere.search-ms |
7/9/2020 - 19:47:4.135 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | Indexed Locations.search-ms |
7/9/2020 - 19:47:4.135 | Write | 1480 | C:\malware.exe | C:\Users\Public\Libraries\RecordedTV.library-ms | RecordedTV.library-ms |
7/9/2020 - 19:47:4.135 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url | Galeria do Web Slice.url |
7/9/2020 - 19:47:4.136 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url | Sites Sugeridos.url |
7/9/2020 - 19:47:4.136 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url | Microsoft Brasil.url |
7/9/2020 - 19:47:4.136 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url | MSN Brasil.url |
7/9/2020 - 19:47:4.136 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:4.136 | Open | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:4.136 | Open | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:47:4.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:4.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:47:4.137 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url | Windows Brasil.url |
7/9/2020 - 19:47:4.137 | Write | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | |
7/9/2020 - 19:47:4.146 | Write | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | |
7/9/2020 - 19:47:4.147 | Write | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | Maid with the Flaxen Hair.mp3 |
7/9/2020 - 19:47:4.147 | Write | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | Sleep Away.mp3 |
7/9/2020 - 19:47:4.147 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | Chrysanthemum.jpg |
7/9/2020 - 19:47:4.147 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | |
7/9/2020 - 19:47:4.147 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | Hydrangeas.jpg |
7/9/2020 - 19:47:4.147 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | Jellyfish.jpg |
7/9/2020 - 19:47:4.147 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | |
7/9/2020 - 19:47:4.148 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | Lighthouse.jpg |
7/9/2020 - 19:47:4.148 | Open | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:4.148 | Open | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:47:4.149 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:4.149 | Unknown | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:47:4.149 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | |
7/9/2020 - 19:47:4.150 | Open | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:4.150 | Open | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:47:4.150 | Unknown | 1480 | C:\malware.exe | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:4.150 | Unknown | 1480 | C:\malware.exe | C:\Users\Default | |
7/9/2020 - 19:47:4.151 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | |
7/9/2020 - 19:47:4.151 | Write | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | win7_scenic-demoshort_raw.wtv |
7/9/2020 - 19:47:4.151 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:47:4.151 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:47:4.152 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\Behemot.contact | |
7/9/2020 - 19:47:4.152 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts | |
7/9/2020 - 19:47:4.152 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\Behemot.contact | Behemot.contact |
7/9/2020 - 19:47:4.152 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts | |
7/9/2020 - 19:47:4.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor.zip | |
7/9/2020 - 19:47:4.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads | |
7/9/2020 - 19:47:4.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor.zip | |
7/9/2020 - 19:47:4.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads | |
7/9/2020 - 19:47:4.154 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | |
7/9/2020 - 19:47:4.154 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches | |
7/9/2020 - 19:47:4.154 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Everywhere.search-ms | Everywhere.search-ms |
7/9/2020 - 19:47:4.154 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches | |
7/9/2020 - 19:47:4.154 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | |
7/9/2020 - 19:47:4.155 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches | |
7/9/2020 - 19:47:4.155 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\Indexed Locations.search-ms | Indexed Locations.search-ms |
7/9/2020 - 19:47:4.155 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Searches | |
7/9/2020 - 19:47:4.155 | Open | 1480 | C:\malware.exe | C:\Users\Public\Libraries\RecordedTV.library-ms | |
7/9/2020 - 19:47:4.156 | Open | 1480 | C:\malware.exe | C:\Users\Public\Libraries | |
7/9/2020 - 19:47:4.156 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Libraries\RecordedTV.library-ms | RecordedTV.library-ms |
7/9/2020 - 19:47:4.156 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Libraries | |
7/9/2020 - 19:47:4.156 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url | |
7/9/2020 - 19:47:4.156 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links | |
7/9/2020 - 19:47:4.157 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url | Galeria do Web Slice.url |
7/9/2020 - 19:47:4.157 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links | |
7/9/2020 - 19:47:4.157 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url | Sites Sugeridos.url |
7/9/2020 - 19:47:4.157 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url | |
7/9/2020 - 19:47:4.157 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links | |
7/9/2020 - 19:47:4.157 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url | Sites Sugeridos.url |
7/9/2020 - 19:47:4.158 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links | |
7/9/2020 - 19:47:4.158 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url | |
7/9/2020 - 19:47:4.158 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:47:4.158 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url | Microsoft Brasil.url |
7/9/2020 - 19:47:4.158 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:47:4.160 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url | |
7/9/2020 - 19:47:4.162 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:47:4.169 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url | MSN Brasil.url |
7/9/2020 - 19:47:4.169 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:47:4.170 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url | |
7/9/2020 - 19:47:4.170 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:47:4.170 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url | Windows Brasil.url |
7/9/2020 - 19:47:4.170 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:47:4.170 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | |
7/9/2020 - 19:47:4.170 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | |
7/9/2020 - 19:47:4.171 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music | |
7/9/2020 - 19:47:4.171 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | |
7/9/2020 - 19:47:4.171 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music | |
7/9/2020 - 19:47:4.171 | Write | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | |
7/9/2020 - 19:47:4.171 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | Maid with the Flaxen Hair.mp3 |
7/9/2020 - 19:47:4.172 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | |
7/9/2020 - 19:47:4.172 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music | |
7/9/2020 - 19:47:4.172 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | Maid with the Flaxen Hair.mp3 |
7/9/2020 - 19:47:4.172 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music | |
7/9/2020 - 19:47:4.173 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | Sleep Away.mp3 |
7/9/2020 - 19:47:4.173 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | |
7/9/2020 - 19:47:4.173 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music | |
7/9/2020 - 19:47:4.173 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | Sleep Away.mp3 |
7/9/2020 - 19:47:4.173 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\Sample Music | |
7/9/2020 - 19:47:4.174 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | Chrysanthemum.jpg |
7/9/2020 - 19:47:4.174 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | |
7/9/2020 - 19:47:4.174 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.174 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | Chrysanthemum.jpg |
7/9/2020 - 19:47:4.174 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.175 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | |
7/9/2020 - 19:47:4.175 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | |
7/9/2020 - 19:47:4.175 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.175 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | |
7/9/2020 - 19:47:4.175 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.244 | Open | 1480 | C:\malware.exe | C:\wkscli.dll | |
7/9/2020 - 19:47:4.244 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wkscli.dll | |
7/9/2020 - 19:47:4.244 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wkscli.dll | |
7/9/2020 - 19:47:4.246 | Open | 1480 | C:\malware.exe | C:\cscapi.dll | |
7/9/2020 - 19:47:4.246 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscapi.dll | |
7/9/2020 - 19:47:4.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscapi.dll | |
7/9/2020 - 19:47:4.249 | Open | 1480 | C:\malware.exe | C:\netutils.dll | |
7/9/2020 - 19:47:4.249 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netutils.dll | |
7/9/2020 - 19:47:4.250 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netutils.dll | |
7/9/2020 - 19:47:4.250 | Open | 1480 | C:\malware.exe | C:\browcli.dll | |
7/9/2020 - 19:47:4.250 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\browcli.dll | |
7/9/2020 - 19:47:4.251 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\browcli.dll | |
7/9/2020 - 19:47:4.175 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | Hydrangeas.jpg |
7/9/2020 - 19:47:4.259 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | |
7/9/2020 - 19:47:4.259 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.259 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | Hydrangeas.jpg |
7/9/2020 - 19:47:4.259 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.260 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | Jellyfish.jpg |
7/9/2020 - 19:47:4.260 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | |
7/9/2020 - 19:47:4.260 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.260 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | Jellyfish.jpg |
7/9/2020 - 19:47:4.261 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.261 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | |
7/9/2020 - 19:47:4.262 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | |
7/9/2020 - 19:47:4.262 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.262 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | |
7/9/2020 - 19:47:4.262 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.263 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | Lighthouse.jpg |
7/9/2020 - 19:47:4.263 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | |
7/9/2020 - 19:47:4.263 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.263 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | Lighthouse.jpg |
7/9/2020 - 19:47:4.264 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.264 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | |
7/9/2020 - 19:47:4.264 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | |
7/9/2020 - 19:47:4.265 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.265 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | |
7/9/2020 - 19:47:4.265 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.266 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | |
7/9/2020 - 19:47:4.266 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | |
7/9/2020 - 19:47:4.266 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.266 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | |
7/9/2020 - 19:47:4.266 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\Sample Pictures | |
7/9/2020 - 19:47:4.267 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | win7_scenic-demoshort_raw.wtv |
7/9/2020 - 19:47:4.267 | Open | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | |
7/9/2020 - 19:47:4.267 | Open | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media | |
7/9/2020 - 19:47:4.267 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | win7_scenic-demoshort_raw.wtv |
7/9/2020 - 19:47:4.268 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\Sample Media | |
7/9/2020 - 19:47:4.269 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:47:4.269 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | |
7/9/2020 - 19:47:4.269 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:47:4.269 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat | windowskernelcapturedriver.cat |
7/9/2020 - 19:47:4.270 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:47:4.270 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:47:4.270 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | |
7/9/2020 - 19:47:4.270 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:47:4.271 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf | WindowsKernelCaptureDriver.inf |
7/9/2020 - 19:47:4.271 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package | |
7/9/2020 - 19:47:4.271 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | |
7/9/2020 - 19:47:4.272 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | |
7/9/2020 - 19:47:4.272 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos | |
7/9/2020 - 19:47:4.272 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | |
7/9/2020 - 19:47:4.272 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos\Sample Videos | |
7/9/2020 - 19:47:6.551 | Open | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.551 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.552 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.551 | Open | 1480 | C:\malware.exe | \Device\Mup\.\.\ | |
7/9/2020 - 19:47:6.552 | Open | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.552 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.552 | Unknown | 1480 | C:\malware.exe | \Device\Mup\.\.\ | |
7/9/2020 - 19:47:6.552 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.553 | Open | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.553 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.553 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.552 | Open | 1480 | C:\malware.exe | \Device\Mup\.\.\ | |
7/9/2020 - 19:47:6.553 | Open | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.554 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.554 | Unknown | 1480 | C:\malware.exe | \Device\Mup\.\.\ | |
7/9/2020 - 19:47:6.554 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.554 | Open | 1480 | C:\malware.exe | C:\srvcli.dll | |
7/9/2020 - 19:47:6.554 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\srvcli.dll | |
7/9/2020 - 19:47:6.555 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\srvcli.dll | |
7/9/2020 - 19:47:6.556 | Open | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.556 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.556 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.556 | Open | 1480 | C:\malware.exe | \Device\Mup\.\.\ | |
7/9/2020 - 19:47:6.556 | Open | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.557 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.557 | Unknown | 1480 | C:\malware.exe | \Device\Mup\.\.\ | |
7/9/2020 - 19:47:6.557 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.557 | Open | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.557 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.557 | Open | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.558 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.558 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.558 | Unknown | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace | |
7/9/2020 - 19:47:6.557 | Open | 1480 | C:\malware.exe | \Device\Mup\;Csc\.\.\W7VM1 | |
7/9/2020 - 19:47:6.558 | Open | 1480 | C:\malware.exe | C:\Windows\CSC\v2.0.6\namespace\W7VM1 | |
7/9/2020 - 19:47:6.558 | Open | 1480 | C:\malware.exe | \Device\Mup\W7VM1\Users\ | |
7/9/2020 - 19:47:8.460 | Unknown | 1480 | C:\malware.exe | \Device\Mup\W7VM1\Users\ | |
7/9/2020 - 19:47:8.527 | Open | 1480 | C:\malware.exe | \Device\Mup\W7VM1\Users\ | |
7/9/2020 - 19:47:8.902 | Unknown | 1480 | C:\malware.exe | \Device\Mup\W7VM1\Users\ | |
7/9/2020 - 19:47:8.968 | Open | 1480 | C:\malware.exe | \Device\Mup\W7VM1\Users\43cd2k60-readme.txt | |
7/9/2020 - 19:47:9.567 | Write | 1480 | C:\malware.exe | \Device\Mup\W7VM1\Users\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:9.567 | Write | 1480 | C:\malware.exe | C:\Users\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:9.567 | Unknown | 1480 | C:\malware.exe | \Device\Mup\W7VM1\Users\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:9.634 | Open | 1480 | C:\malware.exe | \Device\Mup\W7VM1\Users\ | |
7/9/2020 - 19:47:10.109 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot | |
7/9/2020 - 19:47:10.653 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot | |
7/9/2020 - 19:47:10.719 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot | |
7/9/2020 - 19:47:11.178 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot | |
7/9/2020 - 19:47:11.245 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\43cd2k60-readme.txt | |
7/9/2020 - 19:47:12.76 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:12.76 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:12.76 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:12.162 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default | |
7/9/2020 - 19:47:12.625 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default | |
7/9/2020 - 19:47:12.691 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default | |
7/9/2020 - 19:47:13.296 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default | |
7/9/2020 - 19:47:13.363 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\43cd2k60-readme.txt | |
7/9/2020 - 19:47:14.189 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:14.189 | Write | 1480 | C:\malware.exe | C:\Users\Default\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:14.189 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:14.256 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public | |
7/9/2020 - 19:47:14.716 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public | |
7/9/2020 - 19:47:14.784 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public | |
7/9/2020 - 19:47:15.253 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public | |
7/9/2020 - 19:47:15.326 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\43cd2k60-readme.txt | |
7/9/2020 - 19:47:16.193 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:16.193 | Write | 1480 | C:\malware.exe | C:\Users\Public\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:16.194 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:16.358 | Unknown | 1480 | C:\malware.exe | \Device\Mup\W7VM1\Users\ | |
7/9/2020 - 19:47:16.358 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot | |
7/9/2020 - 19:47:17.8 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Contacts | |
7/9/2020 - 19:47:17.469 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Contacts | |
7/9/2020 - 19:47:17.539 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Contacts | |
7/9/2020 - 19:47:18.3 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Contacts | |
7/9/2020 - 19:47:18.123 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Contacts\43cd2k60-readme.txt | |
7/9/2020 - 19:47:18.907 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Contacts\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:18.907 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:18.907 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Contacts\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:18.973 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Desktop | |
7/9/2020 - 19:47:19.511 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Desktop | |
7/9/2020 - 19:47:19.578 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Desktop | |
7/9/2020 - 19:47:20.120 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Desktop | |
7/9/2020 - 19:47:20.186 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Desktop\43cd2k60-readme.txt | |
7/9/2020 - 19:47:21.12 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:21.12 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:21.12 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:21.79 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Documents | |
7/9/2020 - 19:47:21.541 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Documents | |
7/9/2020 - 19:47:21.607 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Documents | |
7/9/2020 - 19:47:22.204 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Documents | |
7/9/2020 - 19:47:22.271 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\documents\43cd2k60-readme.txt | |
7/9/2020 - 19:47:23.16 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:23.16 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:23.16 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:23.84 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads | |
7/9/2020 - 19:47:23.548 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads | |
7/9/2020 - 19:47:23.625 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads | |
7/9/2020 - 19:47:24.161 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads | |
7/9/2020 - 19:47:24.227 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\downloads\43cd2k60-readme.txt | |
7/9/2020 - 19:47:24.907 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:24.907 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:24.907 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:24.980 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites | |
7/9/2020 - 19:47:25.525 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites | |
7/9/2020 - 19:47:25.591 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites | |
7/9/2020 - 19:47:26.48 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites | |
7/9/2020 - 19:47:26.115 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\favorites\43cd2k60-readme.txt | |
7/9/2020 - 19:47:26.840 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:26.840 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:26.840 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:26.909 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Links | |
7/9/2020 - 19:47:27.366 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Links | |
7/9/2020 - 19:47:27.432 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Links | |
7/9/2020 - 19:47:27.924 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Links | |
7/9/2020 - 19:47:27.993 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Links\43cd2k60-readme.txt | |
7/9/2020 - 19:47:28.836 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:28.836 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:28.836 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:28.906 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Music | |
7/9/2020 - 19:47:29.475 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Music | |
7/9/2020 - 19:47:29.554 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Music | |
7/9/2020 - 19:47:30.172 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Music | |
7/9/2020 - 19:47:30.242 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Music\43cd2k60-readme.txt | |
7/9/2020 - 19:47:31.60 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:31.60 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:31.60 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:47:31.127 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:31.456 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:31.886 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:31.886 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:31.974 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:31.975 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:31.975 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:32.52 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:32.52 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:32.391 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:32.730 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:33.629 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | ntuser.dat.LOG1 |
7/9/2020 - 19:47:33.696 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:33.696 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:33.696 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:33.771 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:33.771 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:33.771 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:33.844 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:34.937 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:35.337 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:35.338 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:35.460 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:35.460 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:35.460 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:35.569 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:35.569 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:35.909 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:36.239 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:36.735 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | ntuser.dat.LOG1 |
7/9/2020 - 19:47:36.823 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:36.823 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:36.823 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:36.898 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:36.898 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:36.898 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:36.971 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:38.5 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:38.340 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:38.341 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:38.416 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:38.416 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:38.417 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:38.496 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:38.497 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:38.828 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:39.230 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:39.690 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | ntuser.dat.LOG1 |
7/9/2020 - 19:47:39.761 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:39.761 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:39.761 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:39.836 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:39.836 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:39.837 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:39.923 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:40.956 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:41.290 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:41.623 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:42.133 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:42.133 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:42.217 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:42.217 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:42.217 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:42.294 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:42.294 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:42.629 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:42.962 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:43.484 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | ntuser.dat.LOG1 |
7/9/2020 - 19:47:43.553 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:43.553 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:43.553 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:43.627 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:43.627 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:43.628 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:43.702 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:43.702 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:44.31 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:45.113 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:46.192 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:46.531 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:46.532 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:46.610 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:46.610 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:46.610 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:46.683 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:46.683 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:47.103 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:47.433 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:47.881 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | ntuser.dat.LOG1 |
7/9/2020 - 19:47:47.949 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:47.949 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:47.949 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:48.66 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:48.67 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:48.67 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:48.76 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:48.77 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:48.437 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:49.38 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:50.117 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:50.527 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:50.527 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:50.630 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:50.630 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:50.630 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:50.747 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:50.747 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:51.82 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:51.410 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:51.993 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | ntuser.dat.LOG1 |
7/9/2020 - 19:47:52.59 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:52.59 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:52.59 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:52.135 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:52.135 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:52.135 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:52.209 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:52.209 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:52.541 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:53.209 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:54.298 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:54.630 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:54.967 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:55.353 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:55.353 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:55.451 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:47:55.451 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:55.451 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:47:55.528 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:47:55.529 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:55.858 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:56.185 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:56.691 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | ntuser.dat.LOG1 |
7/9/2020 - 19:47:56.757 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:57.702 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:58.669 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:58.737 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:58.737 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:58.737 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:58.881 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:47:58.881 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:58.881 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:47:58.891 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:47:58.892 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:59.255 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:47:59.891 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:48:0.975 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:1.382 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:1.382 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:1.462 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:48:1.462 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:1.462 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:1.537 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:48:1.537 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:1.869 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:2.197 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:2.708 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | ntuser.dat.LOG1 |
7/9/2020 - 19:48:2.775 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:3.184 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:3.868 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:48:3.935 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:3.935 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:3.935 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:4.13 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:4.14 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:4.14 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:4.89 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:48:4.89 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:4.420 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:5.96 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:48:6.201 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:6.563 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:6.563 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:6.638 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:48:6.638 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:6.639 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:6.713 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:48:6.713 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:7.44 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:7.416 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:7.892 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | ntuser.dat.LOG1 |
7/9/2020 - 19:48:7.959 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:8.293 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:9.56 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:48:9.124 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:9.124 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:9.124 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:9.203 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:9.203 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:9.203 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:9.282 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:48:9.282 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:9.620 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:10.340 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:48:11.423 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:11.756 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:12.100 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:12.500 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:12.500 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:12.578 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:48:12.578 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:12.578 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:12.652 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:48:12.653 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:12.981 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:13.310 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:13.818 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | ntuser.dat.LOG1 |
7/9/2020 - 19:48:13.886 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:14.285 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:14.966 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:48:15.33 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:15.33 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:15.33 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:15.108 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:15.109 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:15.109 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:15.183 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:48:15.184 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:15.513 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:16.218 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:48:16.292 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:16.631 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:17.702 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:48:18.791 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:19.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:19.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:19.214 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:48:19.214 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:19.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:19.291 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:48:19.291 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:19.700 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:20.45 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:20.491 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | ntuser.dat.LOG1 |
7/9/2020 - 19:48:20.557 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:20.970 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:21.576 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:48:21.642 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:21.642 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:21.642 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:21.717 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:21.717 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:21.717 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:21.792 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:48:21.792 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:22.194 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:22.862 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:48:22.928 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:23.328 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:24.64 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:48:25.154 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:25.488 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:25.489 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:25.700 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:48:25.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:25.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:25.813 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:48:25.813 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:26.195 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:26.530 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:27.38 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1 | ntuser.dat.LOG1 |
7/9/2020 - 19:48:27.146 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:27.506 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:28.183 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:48:28.250 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:28.250 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:28.250 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:28.439 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\ntuser.dat.LOG1 | |
7/9/2020 - 19:48:28.439 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:28.440 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | |
7/9/2020 - 19:48:28.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms |
7/9/2020 - 19:48:28.606 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:28.949 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | |
7/9/2020 - 19:48:29.674 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf |
7/9/2020 - 19:48:29.763 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:30.99 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:30.772 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms |
7/9/2020 - 19:48:31.887 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | |
7/9/2020 - 19:48:32.284 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Pictures | |
7/9/2020 - 19:48:32.755 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Pictures | |
7/9/2020 - 19:48:32.828 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Pictures | |
7/9/2020 - 19:48:33.349 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Pictures | |
7/9/2020 - 19:48:33.416 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Pictures\43cd2k60-readme.txt | |
7/9/2020 - 19:48:34.292 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:34.292 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:34.292 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:34.360 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Saved Games | |
7/9/2020 - 19:48:34.880 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Saved Games | |
7/9/2020 - 19:48:34.948 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Saved Games | |
7/9/2020 - 19:48:35.441 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Saved Games | |
7/9/2020 - 19:48:35.509 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\saved games\43cd2k60-readme.txt | |
7/9/2020 - 19:48:36.255 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\saved games\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:36.255 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:36.256 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\saved games\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:36.325 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Searches | |
7/9/2020 - 19:48:36.793 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Searches | |
7/9/2020 - 19:48:36.861 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Searches | |
7/9/2020 - 19:48:37.360 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Searches | |
7/9/2020 - 19:48:37.456 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Searches\43cd2k60-readme.txt | |
7/9/2020 - 19:48:38.229 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Searches\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:38.229 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:38.229 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Searches\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:38.297 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Videos | |
7/9/2020 - 19:48:38.823 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Videos | |
7/9/2020 - 19:48:38.912 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Videos | |
7/9/2020 - 19:48:39.404 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Videos | |
7/9/2020 - 19:48:39.472 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Videos\43cd2k60-readme.txt | |
7/9/2020 - 19:48:40.331 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:40.331 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:40.331 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:40.496 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot | |
7/9/2020 - 19:48:40.562 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default | |
7/9/2020 - 19:48:41.121 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Desktop | |
7/9/2020 - 19:48:41.660 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Desktop | |
7/9/2020 - 19:48:41.726 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Desktop | |
7/9/2020 - 19:48:42.187 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Desktop | |
7/9/2020 - 19:48:42.253 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Desktop\43cd2k60-readme.txt | |
7/9/2020 - 19:48:43.77 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:43.77 | Write | 1480 | C:\malware.exe | C:\Users\Default\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:43.77 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:43.143 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Documents | |
7/9/2020 - 19:48:43.602 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Documents | |
7/9/2020 - 19:48:43.668 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Documents | |
7/9/2020 - 19:48:44.283 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Documents | |
7/9/2020 - 19:48:44.349 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\documents\43cd2k60-readme.txt | |
7/9/2020 - 19:48:45.103 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:45.103 | Write | 1480 | C:\malware.exe | C:\Users\Default\Documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:45.103 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:45.169 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Downloads | |
7/9/2020 - 19:48:45.631 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Downloads | |
7/9/2020 - 19:48:45.698 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Downloads | |
7/9/2020 - 19:48:46.201 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Downloads | |
7/9/2020 - 19:48:46.295 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\downloads\43cd2k60-readme.txt | |
7/9/2020 - 19:48:46.952 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:46.952 | Write | 1480 | C:\malware.exe | C:\Users\Default\Downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:46.952 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:47.20 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Favorites | |
7/9/2020 - 19:48:47.550 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Favorites | |
7/9/2020 - 19:48:47.617 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Favorites | |
7/9/2020 - 19:48:48.75 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Favorites | |
7/9/2020 - 19:48:48.141 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\favorites\43cd2k60-readme.txt | |
7/9/2020 - 19:48:48.883 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:48.883 | Write | 1480 | C:\malware.exe | C:\Users\Default\Favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:48.883 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:48.950 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Links | |
7/9/2020 - 19:48:49.425 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Links | |
7/9/2020 - 19:48:49.497 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Links | |
7/9/2020 - 19:48:50.28 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Links | |
7/9/2020 - 19:48:50.96 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Links\43cd2k60-readme.txt | |
7/9/2020 - 19:48:50.889 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:50.889 | Write | 1480 | C:\malware.exe | C:\Users\Default\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:50.889 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:50.958 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Music | |
7/9/2020 - 19:48:51.489 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Music | |
7/9/2020 - 19:48:51.555 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Music | |
7/9/2020 - 19:48:52.17 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Music | |
7/9/2020 - 19:48:52.85 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Music\43cd2k60-readme.txt | |
7/9/2020 - 19:48:52.914 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:52.914 | Write | 1480 | C:\malware.exe | C:\Users\Default\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:52.914 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:52.981 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Pictures | |
7/9/2020 - 19:48:53.442 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Pictures | |
7/9/2020 - 19:48:53.509 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Pictures | |
7/9/2020 - 19:48:54.95 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Pictures | |
7/9/2020 - 19:48:54.162 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Pictures\43cd2k60-readme.txt | |
7/9/2020 - 19:48:54.944 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:54.944 | Write | 1480 | C:\malware.exe | C:\Users\Default\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:54.944 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:55.150 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Saved Games | |
7/9/2020 - 19:48:55.639 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Saved Games | |
7/9/2020 - 19:48:55.706 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Saved Games | |
7/9/2020 - 19:48:56.165 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Saved Games | |
7/9/2020 - 19:48:56.231 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\saved games\43cd2k60-readme.txt | |
7/9/2020 - 19:48:56.963 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\saved games\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:56.963 | Write | 1480 | C:\malware.exe | C:\Users\Default\Saved Games\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:56.963 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\saved games\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:57.31 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Videos | |
7/9/2020 - 19:48:57.490 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Videos | |
7/9/2020 - 19:48:57.557 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Videos | |
7/9/2020 - 19:48:58.96 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Videos | |
7/9/2020 - 19:48:58.164 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Videos\43cd2k60-readme.txt | |
7/9/2020 - 19:48:59.35 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:59.35 | Write | 1480 | C:\malware.exe | C:\Users\Default\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:59.35 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:48:59.218 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default | |
7/9/2020 - 19:48:59.309 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public | |
7/9/2020 - 19:48:59.872 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Desktop | |
7/9/2020 - 19:49:0.332 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Desktop | |
7/9/2020 - 19:49:0.444 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Desktop | |
7/9/2020 - 19:49:0.928 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Desktop | |
7/9/2020 - 19:49:0.996 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Desktop\43cd2k60-readme.txt | |
7/9/2020 - 19:49:1.797 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:1.797 | Write | 1480 | C:\malware.exe | C:\Users\Public\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:1.797 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Desktop\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:1.870 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Documents | |
7/9/2020 - 19:49:2.372 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Documents | |
7/9/2020 - 19:49:2.438 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Documents | |
7/9/2020 - 19:49:2.947 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Documents | |
7/9/2020 - 19:49:3.13 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\documents\43cd2k60-readme.txt | |
7/9/2020 - 19:49:3.744 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:3.744 | Write | 1480 | C:\malware.exe | C:\Users\Public\Documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:3.745 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\documents\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:3.813 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Downloads | |
7/9/2020 - 19:49:4.343 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Downloads | |
7/9/2020 - 19:49:4.411 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Downloads | |
7/9/2020 - 19:49:4.926 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Downloads | |
7/9/2020 - 19:49:4.995 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\downloads\43cd2k60-readme.txt | |
7/9/2020 - 19:49:5.664 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:5.664 | Write | 1480 | C:\malware.exe | C:\Users\Public\Downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:5.664 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\downloads\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:5.730 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Favorites | |
7/9/2020 - 19:49:6.259 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Favorites | |
7/9/2020 - 19:49:6.326 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Favorites | |
7/9/2020 - 19:49:6.792 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Favorites | |
7/9/2020 - 19:49:6.865 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\favorites\43cd2k60-readme.txt | |
7/9/2020 - 19:49:7.617 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:7.617 | Write | 1480 | C:\malware.exe | C:\Users\Public\Favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:7.617 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\favorites\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:7.689 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Libraries | |
7/9/2020 - 19:49:8.153 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Libraries | |
7/9/2020 - 19:49:8.261 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Libraries | |
7/9/2020 - 19:49:8.756 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Libraries | |
7/9/2020 - 19:49:8.823 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\libraries\43cd2k60-readme.txt | |
7/9/2020 - 19:49:9.604 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\libraries\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:9.604 | Write | 1480 | C:\malware.exe | C:\Users\Public\Libraries\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:9.604 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\libraries\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:9.672 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Music | |
7/9/2020 - 19:49:10.221 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Music | |
7/9/2020 - 19:49:10.288 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Music | |
7/9/2020 - 19:49:10.745 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Music | |
7/9/2020 - 19:49:10.811 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Music\43cd2k60-readme.txt | |
7/9/2020 - 19:49:11.643 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:11.643 | Write | 1480 | C:\malware.exe | C:\Users\Public\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:11.643 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Music\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:11.709 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Pictures | |
7/9/2020 - 19:49:12.168 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Pictures | |
7/9/2020 - 19:49:12.235 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Pictures | |
7/9/2020 - 19:49:12.768 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Pictures | |
7/9/2020 - 19:49:12.834 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Pictures\43cd2k60-readme.txt | |
7/9/2020 - 19:49:13.589 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:13.589 | Write | 1480 | C:\malware.exe | C:\Users\Public\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:13.589 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Pictures\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:13.699 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Recorded TV | |
7/9/2020 - 19:49:14.296 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Recorded TV | |
7/9/2020 - 19:49:14.363 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Recorded TV | |
7/9/2020 - 19:49:14.822 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Recorded TV | |
7/9/2020 - 19:49:14.937 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\recorded tv\43cd2k60-readme.txt | |
7/9/2020 - 19:49:15.630 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\recorded tv\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:15.630 | Write | 1480 | C:\malware.exe | C:\Users\Public\Recorded TV\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:15.630 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\recorded tv\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:15.698 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Videos | |
7/9/2020 - 19:49:16.232 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Videos | |
7/9/2020 - 19:49:16.299 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Videos | |
7/9/2020 - 19:49:16.759 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Videos | |
7/9/2020 - 19:49:16.826 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Videos\43cd2k60-readme.txt | |
7/9/2020 - 19:49:17.664 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:17.664 | Write | 1480 | C:\malware.exe | C:\Users\Public\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:17.664 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public\Videos\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:17.829 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Public | |
7/9/2020 - 19:49:17.896 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Contacts | |
7/9/2020 - 19:49:18.860 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Contacts | |
7/9/2020 - 19:49:18.928 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Desktop | |
7/9/2020 - 19:49:19.860 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Desktop | |
7/9/2020 - 19:49:19.954 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Documents | |
7/9/2020 - 19:49:20.853 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Documents | |
7/9/2020 - 19:49:20.926 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads | |
7/9/2020 - 19:49:21.785 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads\Monitor | |
7/9/2020 - 19:49:22.375 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads\Monitor | |
7/9/2020 - 19:49:22.441 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads\Monitor | |
7/9/2020 - 19:49:22.903 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads\Monitor | |
7/9/2020 - 19:49:22.969 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads\Monitor\43cd2k60-readme.txt | |
7/9/2020 - 19:49:23.808 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads\Monitor\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:23.808 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\Monitor\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:23.808 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads\Monitor\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:23.976 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Downloads | |
7/9/2020 - 19:49:24.43 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites | |
7/9/2020 - 19:49:24.915 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\Links | |
7/9/2020 - 19:49:25.421 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\Links | |
7/9/2020 - 19:49:25.491 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\Links | |
7/9/2020 - 19:49:25.979 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\Links | |
7/9/2020 - 19:49:26.45 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\Links\43cd2k60-readme.txt | |
7/9/2020 - 19:49:26.910 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:26.910 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:26.910 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\Links\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:26.978 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:49:27.436 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:49:27.504 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:49:28.14 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\Links for Brasil | |
7/9/2020 - 19:49:28.113 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\links for brasil\43cd2k60-readme.txt | |
7/9/2020 - 19:49:28.771 | Write | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\links for brasil\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:28.771 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\Links for Brasil\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:28.771 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites\links for brasil\43cd2k60-readme.txt | 43cd2k60-readme.txt |
7/9/2020 - 19:49:28.938 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Favorites | |
7/9/2020 - 19:49:29.4 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Links | |
7/9/2020 - 19:49:30.8 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Links | |
7/9/2020 - 19:49:30.75 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Music | |
7/9/2020 - 19:49:31.65 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Music | |
7/9/2020 - 19:49:31.161 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Pictures | |
7/9/2020 - 19:49:32.92 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Pictures | |
7/9/2020 - 19:49:32.159 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Saved Games | |
7/9/2020 - 19:49:33.145 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Saved Games | |
7/9/2020 - 19:49:33.211 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Searches | |
7/9/2020 - 19:49:34.188 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Searches | |
7/9/2020 - 19:49:34.256 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Videos | |
7/9/2020 - 19:49:35.166 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Behemot\Videos | |
7/9/2020 - 19:49:35.307 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Desktop | |
7/9/2020 - 19:49:36.211 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Desktop | |
7/9/2020 - 19:49:36.278 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Documents | |
7/9/2020 - 19:49:37.338 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Documents | |
7/9/2020 - 19:49:37.406 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Downloads | |
7/9/2020 - 19:49:38.381 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Downloads | |
7/9/2020 - 19:49:38.447 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Favorites | |
7/9/2020 - 19:49:39.332 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Favorites | |
7/9/2020 - 19:49:39.438 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Links | |
7/9/2020 - 19:49:40.362 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Links | |
7/9/2020 - 19:49:40.428 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Music | |
7/9/2020 - 19:49:41.429 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Music | |
7/9/2020 - 19:49:41.506 | Open | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Pictures | |
7/9/2020 - 19:49:42.458 | Unknown | 1480 | C:\malware.exe | \Device\Mup\w7vm1\users\Default\Pictures |
Process
Trace
7/9/2020 - 19:45:45.744 | Create | 1480 | C:\malware.exe | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
7/9/2020 - 19:46:49.88 | Terminate | 1480 | C:\malware.exe | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Analysis
Reason
Timeout
Status
Successfully Executed
Results
1
Registry
Trace
7/9/2020 - 19:45:45.549 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Facebook_Assistant | Ybr |
7/9/2020 - 19:45:45.549 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Facebook_Assistant | S6yP |
7/9/2020 - 19:45:45.551 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Facebook_Assistant | dA2U3 |
7/9/2020 - 19:45:45.552 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Facebook_Assistant | 8eN335 |
7/9/2020 - 19:45:45.554 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Facebook_Assistant | zEhXReE |
7/9/2020 - 19:45:45.562 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Facebook_Assistant | fOvNL4TU |
7/9/2020 - 19:45:45.563 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run | BV7BRrErOX |
7/9/2020 - 19:45:46.173 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.174 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.174 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.188 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.245 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.245 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.245 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.251 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.252 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.252 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.252 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.253 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.253 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.253 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.254 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.254 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.254 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.254 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.255 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.255 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.255 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.256 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.256 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.256 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.256 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.257 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.257 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.257 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.258 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.259 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.259 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.259 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.260 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.260 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.260 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.260 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.261 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.261 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.261 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.261 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.262 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.262 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.262 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.262 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.263 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.263 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.263 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.263 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.264 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.264 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.264 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.265 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.265 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.265 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.265 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.266 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.266 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.266 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.266 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.267 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.267 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.267 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.276 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.357 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.443 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.444 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.444 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.445 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.445 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.446 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.446 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.447 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.448 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.448 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.449 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.455 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.456 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.461 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:45:46.462 | Write | 2476 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
7/9/2020 - 19:46:49.373 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | Owner |
7/9/2020 - 19:46:49.373 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | SessionHash |
7/9/2020 - 19:46:49.373 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | Sequence |
7/9/2020 - 19:46:49.374 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:46:49.374 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:46:50.397 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:46:50.397 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:46:51.471 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:46:51.472 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:46:52.536 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:46:52.536 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:46:53.649 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:46:53.650 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:46:54.740 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:46:54.741 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:46:55.832 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:46:55.832 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:46:56.979 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:46:56.979 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:46:58.113 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:46:58.113 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:46:59.326 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:46:59.326 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:47:0.617 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:47:0.617 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:47:1.860 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:47:1.861 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:47:31.883 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:47:31.883 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:47:35.332 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:47:35.332 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:47:38.337 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:47:38.338 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:47:42.122 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:47:42.122 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:47:46.526 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:47:46.526 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:47:50.523 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:47:50.524 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:47:55.349 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:47:55.349 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:48:1.379 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:48:1.379 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:48:6.560 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:48:6.561 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:48:12.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:48:12.498 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:48:19.134 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:48:19.134 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
7/9/2020 - 19:48:25.485 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 |
7/9/2020 - 19:48:25.486 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\RestartManager\Session0000 | RegFilesHash |
File Summary
Created
Identified: True
Deleted
Identified: False
Process Summary
Created
Identified: True
Deleted
Identified: True
Registry Summary
Proxy
Identified: False
AutoRun
Identified: False
Created
Identified: True
Deleted
Identified: False
Browsers
Identified: False
Internet
Identified: False
Summary
DNS
False
TCP
False
UDP
False
HTTP
False
Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 67.50%
suspicious: True
Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True
MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 73.69%
suspicious: True
Random Forest (100 estimators, NFS-BRMalware)
confidence: 54.00%
suspicious: False
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 67.53%
suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: True