Corvus_ - Report #11153

Report #11153

Creation Date: Sept. 8, 2020, 3:29 p.m.
Last Update: Sept. 8, 2020, 3:43 p.m.
File: 003_adv
Results:

General
Static
Detection
Dynamic
Graph
Network
Classification

Binary

DLL

False

Size

129.00KB

trid

61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable

type

wordsize

Subsystem

Windows CLI

Hashes

md5

5775a592ed670a6693c66c3aa2d83282

sha1

6025477114a546e4f946c7d506c53e9211beb1eb

crc32

0xc9e16f53

sha224

a78881fadc91064d880fdbf77d6a309b3e95e548b790bff8c8831706

sha256

2d6d522c78364dc29ab849fe45e77b703c574566ddc475c2f9df9b6ccfa6fed7

sha384

cee8d8f167175c0c2e7c1af3e52d321e1a5908923cf628e075b842f7d8217f2cba3d8ddf9036c6ea20f63c258feec6a7

sha512

0e3424cee19b18e95db590b886d25612f9c9062a24df405c868704287d119f8f2d1d4743ac516abd3667dd0216f2382354058db7ea8dc4b2ede49e98d01f7300

ssdeep

3072:2n/P7VvpXmjmYdJ4Z1RjnRdRkVGH7l87L:c/P7D2jJD4DRBuG

Community

Google

False

HashLib

False

YARA

Matches

win_registry, domain, anti_dbg, IsPE64, contentis_base64, HasDebugData, RijnDael_AES, IsConsole, maldoc_find_kernel32_base_method_1, CRC32_poly_Constant, Microsoft_Visual_Cpp_80_DLL, HasRichSignature

Suspicious

True

Strings

List

C:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\x64\Release\Dropper.pdb
COMCTL32.dll
MSVCR110.dll
WINMM.dll
UxTheme.dll
proc.exe
proc.exe
o%A0}
<requestedPrivileges>
__crt_debugger_hook
IsProcessorFeaturePresent
t1SSSh
CreateEventW
PSSh
IsDebuggerPresent
CreateProcessW
CoCreateInstance
RegOpenKeyExW
RegCreateKeyW
LoadResource
RegQueryValueExW
RegDeleteKeyW
RegGetValueW
QueryPerformanceCounter
RegSetValueExW
GetModuleHandleW
RegEnumKeyExW
fprintf
fopen
__crtCapturePreviousContext
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
BBBBhhhhAAAA
AAAAOOOOgggg
8-878A8K8[8e8o8
s@,E
__crtTerminateProcess
@X\uft3e
_commode
_initterm
__setusermatherr
__C_specific_handler
_initterm_e
Ti-b[Xv+S
_calloc_crt
__set_app_type
__dllonexit
_amsg_exit
__getmainargs
_XcptFilter
__initenv
?terminate@@YAXXZ
;22dV::tN
&&&&6666????
D$(9D$$s.HcD$$H
</assembly>
_unlock
}e#GEWF
It8]B4
MeOgU~M
O44h\
dV22tN::
2dV2:tN:
V22dN::t
Df""T~**;
`.rdata
`.rdata
_onexit
2Ht\l
f""D~**T
""Df**T~
;V#npGR2
LcA<E3
5,ANf
`3SbE
Gan;6
H3E H3E
ServicesActive
pCe-Rn)
N.}U(' PMs
p\lHtW
@.data
@.data
a44Do
R##Fe
WideCharToMultiByte
M H1E
QPeA~S
JNeME~
kIV,ge
P[bfie
_fmode
_cexit
Ur&ge
cl{au
_exit
?wreD
Rich?
R`ALy
-1HA
11#?*0

Foremost

Matches

24.exe, 115 KB

Suspicious

True

Heuristics

IPs

hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs

Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files

Allowed: ADVAPI32.dll, MSVCR110.dll, ole32.dll, SHLWAPI.dll, USER32.dll, SHELL32.dll, COMCTL32.dll, RPCRT4.dll, UxTheme.dll, WINMM.dll, GDI32.dll, OLEAUT32.dll, KERNEL32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary

Sizes

RVA
RVA: 16
Suspicious: False
Code
Size: 127488
Suspicious: False
Image
Address: 5368709120
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols

Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum

Value: 0
Suspicous: True

Sections

Allowed: .text, .rdata, .data, .pdata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions

OS
Version: 6
Suspicious: False
Image
Version: True
Suspicious: 6
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 6.0
Suspicious: False
Suspicious: False

EntryPoint

Address: 6772
Suspicious: False

Anomalies

Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries

Allowed: advapi32.dll, ole32.dll, shlwapi.dll, user32.dll, shell32.dll, comctl32.dll, rpcrt4.dll, uxtheme.dll, winmm.dll, gdi32.dll, oleaut32.dll, kernel32.dll
hasLibs: True
Suspicious: msvcr110.dll
hasAllowed: True
hasSuspicious: True

Timestamp

Past: False
Valid: True
Value: 2020-09-03 16:23:37
Future: False

Compilation

Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8.0 (DLL)

Obfuscation

XOR: True
Fuzzing: False

PEDetector

Matches

12448

Suspicious

True

Disassembly

hasTricks

False

Tricks

AVclass

sodinokibi

VirusTotal

md5

5775a592ed670a6693c66c3aa2d83282

sha1

6025477114a546e4f946c7d506c53e9211beb1eb

SCANS (DETECTION RATE = 59.42%)

AVG

result: Win32:Malware-gen
update: 20200908
version: 18.4.3895.0
detected: True

CMC

update: 20200908
version: 2.7.2019.1
detected: False

MAX

result: malware (ai score=83)
update: 20200908
version: 2019.9.16.1
detected: True

APEX

update: 20200907
version: 6.68
detected: False

Bkav

update: 20200908
version: 1.3.0.9899
detected: False

K7GW

result: Trojan ( 0054d99c1 )
update: 20200908
version: 11.135.35196
detected: True

ALYac

result: Trojan.Ransom.Sodinokibi
update: 20200908
version: 1.1.1.5
detected: True

Avast

result: Win32:Malware-gen
update: 20200908
version: 18.4.3895.0
detected: True

Avira

result: TR/Crypt.XPACK.Gen
update: 20200908
version: 8.3.3.8
detected: True

Baidu

update: 20190318
version: 1.0.0.2
detected: False

Cynet

update: 20200905
version: 4.0.0.24
detected: False

Cyren

update: 20200908
version: 6.3.0.2
detected: False

DrWeb

result: Trojan.Encoder.28004
update: 20200908
version: 7.0.48.8080
detected: True

GData

result: Win32.Trojan-Ransom.Sokinokibi.ECPW8C
update: 20200908
version: A:25.26931B:27.20096
detected: True

Panda

result: Trj/CI.A
update: 20200908
version: 4.6.4.2
detected: True

VBA32

update: 20200908
version: 4.4.1
detected: False

VIPRE

result: Trojan.Win32.Generic!BT
update: 20200908
version: 86532
detected: True

Zoner

update: 20200908
version: 0.0.0.0
detected: False

ClamAV

result: Win.Ransomware.Sodinokibi-7013612-0
update: 20200907
version: 0.102.4.0
detected: True

Comodo

result: .UnclassifiedMalware@0
update: 20200728
version: 32668
detected: True

Ikarus

result: Trojan-Ransom.Sodinokibi
update: 20200908
version: 0.1.5.2
detected: True

McAfee

result: Artemis!5775A592ED67
update: 20200908
version: 6.0.6.653
detected: True

Rising

result: Backdoor.Remcos!8.B89E (TFE:5:IBRWLZzTx1N)
update: 20200908
version: 25.0.0.26
detected: True

Sophos

result: Mal/Generic-S
update: 20200908
version: 4.98.0
detected: True

Yandex

update: 20200907
version: 5.5.2.24
detected: False

Zillya

update: 20200908
version: 2.0.0.4171
detected: False

Acronis

update: 20200806
version: 1.1.1.77
detected: False

Alibaba

result: Trojan:Win32/GenKryptik.ebfbbef2
update: 20190527
version: 0.3.0.5
detected: True

Arcabit

update: 20200908
version: 1.0.0.881
detected: False

Cylance

result: Unsafe
update: 20200908
version: 2.3.1.101
detected: True

Elastic

update: 20200831
version: 4.0.8
detected: False

FireEye

result: DeepScan:Generic.Ransom.Sodinokibi.FE9FF902
update: 20200908
version: 32.36.1.0
detected: True

Sangfor

update: 20200814
version: 1.0
detected: False

TACHYON

update: 20200908
version: 2020-09-08.02
detected: False

Tencent

result: Malware.Win32.Gencirc.10cdd51f
update: 20200908
version: 1.0.0.1
detected: True

ViRobot

update: 20200908
version: 2014.3.20.0
detected: False

Webroot

update: 20200908
version: 1.0.0.403
detected: False

eGambit

update: 20200908
detected: False

Ad-Aware

result: DeepScan:Generic.Ransom.Sodinokibi.FE9FF902
update: 20200908
version: 3.0.16.117
detected: True

AegisLab

result: Trojan.Win32.Gen.j!c
update: 20200908
version: 4.2
detected: True

F-Secure

result: Trojan.TR/Crypt.XPACK.Gen
update: 20200908
version: 12.0.86.52
detected: True

Fortinet

result: W32/Gen.B!tr
update: 20200908
version: 6.2.142.0
detected: True

Invincea

result: Mal/Generic-S
update: 20200908
version: 1.0.1.0
detected: True

Jiangmin

result: Trojan.MSIL.qkml
update: 20200908
version: 16.0.100
detected: True

Kingsoft

update: 20200908
version: 2013.8.14.323
detected: False

Paloalto

update: 20200908
version: 1.0
detected: False

Symantec

result: Downloader
update: 20200907
version: 1.12.0.0
detected: True

AhnLab-V3

update: 20200908
version: 3.18.1.10026
detected: False

Antiy-AVL

result: Trojan[Ransom]/Win32.Gen
update: 20200908
version: 3.0.0.1
detected: True

Kaspersky

result: HEUR:Trojan-Ransom.Win32.Gen.gen
update: 20200908
version: 15.0.1.13
detected: True

MaxSecure

update: 20200908
version: 1.0.0.1
detected: False

Microsoft

result: Trojan:Win32/Ymacco.AA2D
update: 20200908
version: 1.1.17400.5
detected: True

Qihoo-360

result: Win32/Trojan.Ransom.fb6
update: 20200908
version: 1.0.0.1120
detected: True

ZoneAlarm

result: HEUR:Trojan-Ransom.Win32.Gen.gen
update: 20200908
version: 1.0
detected: True

Cybereason

result: malicious.2ed670
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32

result: a variant of Win64/GenKryptik.ERUI
update: 20200908
version: 21955
detected: True

TrendMicro

update: 20200908
version: 11.0.0.1006
detected: False

BitDefender

result: DeepScan:Generic.Ransom.Sodinokibi.FE9FF902
update: 20200908
version: 7.2
detected: True

CrowdStrike

result: win/malicious_confidence_60% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus

result: Trojan ( 0054d99c1 )
update: 20200908
version: 11.135.35194
detected: True

SentinelOne

update: 20200724
version: 4.4.0.0
detected: False

Malwarebytes

update: 20200908
version: 3.6.4.335
detected: False

TotalDefense

update: 20200908
version: 37.1.62.1
detected: False

CAT-QuickHeal

result: Trojanransom.Gen
update: 20200908
version: 14.00
detected: True

NANO-Antivirus

result: Virus.Win32.Gen.ccmw
update: 20200908
version: 1.0.134.25140
detected: True

BitDefenderTheta

result: AI:Packer.59A870CF1E
update: 20200902
version: 7.2.37796.0
detected: True

MicroWorld-eScan

result: DeepScan:Generic.Ransom.Sodinokibi.FE9FF902
update: 20200908
version: 14.0.409.0
detected: True

SUPERAntiSpyware

update: 20200904
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall

update: 20200908
version: 10.0.0.1040
detected: False

total

sha256

2d6d522c78364dc29ab849fe45e77b703c574566ddc475c2f9df9b6ccfa6fed7

scan_id

2d6d522c78364dc29ab849fe45e77b703c574566ddc475c2f9df9b6ccfa6fed7-1599568023

resource

5775a592ed670a6693c66c3aa2d83282

permalink

https://www.virustotal.com/gui/file/2d6d522c78364dc29ab849fe45e77b703c574566ddc475c2f9df9b6ccfa6fed7/detection/f-2d6d522c78364dc29ab849fe45e77b703c574566ddc475c2f9df9b6ccfa6fed7-1599568023

positives

scan_date

2020-09-08 12:27:03

verbose_msg

Scan finished, information embedded

response_code

File

Trace

8/9/2020 - 14:45:42.512	Unknown	1480	C:\malware.exe	C:\Monitor\proc.exe
8/9/2020 - 14:45:42.512	Open	1480	C:\malware.exe	C:\Windows\System32\apphelp.dll
8/9/2020 - 14:45:42.512	Open	1480	C:\malware.exe	C:\Windows\System32\apphelp.dll
8/9/2020 - 14:45:42.512	Open	1480	C:\malware.exe	C:\Windows\AppPatch\sysmain.sdb
8/9/2020 - 14:45:42.512	Open	1480	C:\malware.exe	C:\Monitor
8/9/2020 - 14:45:42.512	Unknown	1480	C:\malware.exe	C:\Monitor
8/9/2020 - 14:45:42.512	Open	1480	C:\malware.exe	C:\Monitor\proc.exe
8/9/2020 - 14:45:42.512	Unknown	1480	C:\malware.exe	C:\Monitor\proc.exe
8/9/2020 - 14:45:42.512	Open	1480	C:\malware.exe	C:\
8/9/2020 - 14:45:42.512	Unknown	1480	C:\malware.exe	C:\
8/9/2020 - 14:45:42.512	Open	1480	C:\malware.exe	C:\Monitor
8/9/2020 - 14:45:42.512	Unknown	1480	C:\malware.exe	C:\Monitor
8/9/2020 - 14:45:42.512	Open	1480	C:\malware.exe	C:\Monitor
8/9/2020 - 14:45:42.512	Unknown	1480	C:\malware.exe	C:\Monitor
8/9/2020 - 14:45:42.512	Open	1480	C:\malware.exe	C:\Monitor\proc.exe
8/9/2020 - 14:45:42.512	Read	1480	C:\malware.exe	C:\Monitor\proc.exe
8/9/2020 - 14:45:42.512	Open	1480	C:\malware.exe	C:\Monitor\ui\SwDRM.dll
8/9/2020 - 14:45:42.528	Open	1480	C:\malware.exe	C:\Monitor\proc.exe
8/9/2020 - 14:45:42.528	Open	1480	C:\malware.exe	C:\Monitor\proc.exe
8/9/2020 - 14:45:42.528	Unknown	1480	C:\malware.exe	C:\Monitor\proc.exe
8/9/2020 - 14:45:42.528	Open	1480	C:\malware.exe	C:\Monitor\proc.exe
8/9/2020 - 14:45:42.528	Unknown	1480	C:\malware.exe	C:\Monitor\proc.exe
8/9/2020 - 14:45:42.528	Unknown	1480	C:\malware.exe	C:\Monitor\proc.exe
8/9/2020 - 14:45:42.528	Unknown	1480	C:\malware.exe	C:\Monitor\proc.exe
8/9/2020 - 14:45:42.528	Unknown	1480	C:\malware.exe	C:\Monitor
8/9/2020 - 14:45:42.528	Unknown	1480	C:\malware.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Windows\Prefetch\PROC.EXE-5509F567.pf
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Windows
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\wow64.dll
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\wow64.dll
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\wow64win.dll
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\wow64win.dll
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\wow64cpu.dll
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\wow64cpu.dll
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\wow64log.dll
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Windows
8/9/2020 - 14:45:42.543	Unknown	1488	C:\Monitor\proc.exe	C:\Windows
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Monitor
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Monitor\rstrtmgr.dll
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\RstrtMgr.dll
8/9/2020 - 14:45:42.543	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\RstrtMgr.dll
8/9/2020 - 14:45:42.575	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\sechost.dll
8/9/2020 - 14:45:42.575	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\sechost.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Monitor\ncrypt.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\ncrypt.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\ncrypt.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Monitor\bcrypt.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\bcrypt.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\bcrypt.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\imm32.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\imm32.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\imm32.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\imm32.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\imm32.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\imm32.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Monitor\winhttp.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\winhttp.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\winhttp.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Monitor\webio.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\webio.dll
8/9/2020 - 14:45:42.590	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\webio.dll
8/9/2020 - 14:45:42.606	Open	1488	C:\Monitor\proc.exe	C:\Monitor\winmm.dll
8/9/2020 - 14:45:42.606	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\winmm.dll
8/9/2020 - 14:45:42.606	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\winmm.dll
8/9/2020 - 14:45:42.606	Open	1488	C:\Monitor\proc.exe	C:\Monitor\mpr.dll
8/9/2020 - 14:45:42.606	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\mpr.dll
8/9/2020 - 14:45:42.606	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\mpr.dll
8/9/2020 - 14:45:45.685	Open	1488	C:\Monitor\proc.exe	C:\
8/9/2020 - 14:45:45.686	Unknown	1488	C:\Monitor\proc.exe	C:\
8/9/2020 - 14:45:45.692	Open	1488	C:\Monitor\proc.exe	C:\
8/9/2020 - 14:45:45.692	Unknown	1488	C:\Monitor\proc.exe	C:\
8/9/2020 - 14:45:45.735	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rpcss.dll
8/9/2020 - 14:45:45.736	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rpcss.dll
8/9/2020 - 14:45:45.858	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wbem\wbemprox.dll
8/9/2020 - 14:45:45.861	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wbem\wbemprox.dll
8/9/2020 - 14:45:45.868	Open	1488	C:\Monitor\proc.exe	C:\Monitor\powershell.exe
8/9/2020 - 14:45:45.869	Open	1488	C:\Monitor\proc.exe	C:\Monitor\powershell.exe
8/9/2020 - 14:45:45.869	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\powershell.exe
8/9/2020 - 14:45:45.870	Open	1488	C:\Monitor\proc.exe	C:\Windows\system\powershell.exe
8/9/2020 - 14:45:45.870	Open	1488	C:\Monitor\proc.exe	C:\Windows\powershell.exe
8/9/2020 - 14:45:45.870	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\powershell.exe
8/9/2020 - 14:45:45.870	Open	1488	C:\Monitor\proc.exe	C:\Windows\powershell.exe
8/9/2020 - 14:45:45.870	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\wbem\powershell.exe
8/9/2020 - 14:45:45.871	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
8/9/2020 - 14:45:45.871	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	powershell.exe
8/9/2020 - 14:45:45.871	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
8/9/2020 - 14:45:45.871	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	powershell.exe
8/9/2020 - 14:45:45.872	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
8/9/2020 - 14:45:45.875	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wbem\wbemcomn.dll
8/9/2020 - 14:45:45.875	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wbemcomn.dll
8/9/2020 - 14:45:45.876	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wbemcomn.dll
8/9/2020 - 14:45:46.24	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wbem\Logs
8/9/2020 - 14:45:46.59	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wbem\Logs
8/9/2020 - 14:45:46.61	Open	1488	C:\Monitor\proc.exe	C:\Monitor\CRYPTSP.dll
8/9/2020 - 14:45:46.61	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\cryptsp.dll
8/9/2020 - 14:45:46.62	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\cryptsp.dll
8/9/2020 - 14:45:46.63	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rsaenh.dll
8/9/2020 - 14:45:46.63	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rsaenh.dll
8/9/2020 - 14:45:46.64	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rsaenh.dll
8/9/2020 - 14:45:46.64	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rsaenh.dll
8/9/2020 - 14:45:46.64	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rsaenh.dll
8/9/2020 - 14:45:46.65	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rsaenh.dll
8/9/2020 - 14:45:46.65	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rsaenh.dll
8/9/2020 - 14:45:46.65	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rsaenh.dll
8/9/2020 - 14:45:46.66	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rsaenh.dll
8/9/2020 - 14:45:46.66	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rsaenh.dll
8/9/2020 - 14:45:46.72	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rsaenh.dll
8/9/2020 - 14:45:46.72	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\rsaenh.dll
8/9/2020 - 14:45:46.74	Open	1488	C:\Monitor\proc.exe	C:\Windows\Globalization\Sorting\SortDefault.nls
8/9/2020 - 14:45:46.74	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\Globalization\Sorting\SortDefault.nls	SortDefault.nls
8/9/2020 - 14:45:46.75	Open	1488	C:\Monitor\proc.exe	C:\Monitor\RpcRtRemote.dll
8/9/2020 - 14:45:46.75	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\RpcRtRemote.dll
8/9/2020 - 14:45:46.76	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\RpcRtRemote.dll	RpcRtRemote.dll
8/9/2020 - 14:45:46.76	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\RpcRtRemote.dll
8/9/2020 - 14:45:46.76	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\RpcRtRemote.dll	RpcRtRemote.dll
8/9/2020 - 14:45:46.77	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\apphelp.dll
8/9/2020 - 14:45:46.77	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\apphelp.dll
8/9/2020 - 14:45:46.78	Open	1488	C:\Monitor\proc.exe	C:\Windows\AppPatch\AppPatch64\sysmain.sdb
8/9/2020 - 14:45:46.79	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:45:46.79	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:45:46.79	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
8/9/2020 - 14:45:46.79	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	powershell.exe
8/9/2020 - 14:45:46.80	Open	1488	C:\Monitor\proc.exe	C:\
8/9/2020 - 14:45:46.80	Unknown	1488	C:\Monitor\proc.exe	C:\
8/9/2020 - 14:45:46.80	Open	1488	C:\Monitor\proc.exe	C:\Windows
8/9/2020 - 14:45:46.80	Unknown	1488	C:\Monitor\proc.exe	C:\Windows
8/9/2020 - 14:45:46.80	Open	1488	C:\Monitor\proc.exe	C:\Windows\System32\WindowsPowerShell
8/9/2020 - 14:45:46.80	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\System32\WindowsPowerShell
8/9/2020 - 14:45:46.83	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	powershell.exe
8/9/2020 - 14:45:46.128	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Prefetch\POWERSHELL.EXE-920BBA2A.pf
8/9/2020 - 14:45:46.129	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:45:46.351	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wbem\wbemsvc.dll
8/9/2020 - 14:45:46.354	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wbem\wbemsvc.dll
8/9/2020 - 14:45:46.402	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\sechost.dll
8/9/2020 - 14:45:46.402	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\sechost.dll
8/9/2020 - 14:45:46.411	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\ATL.DLL
8/9/2020 - 14:45:46.411	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\atl.dll
8/9/2020 - 14:45:46.411	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\atl.dll
8/9/2020 - 14:45:46.413	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\mscoree.dll
8/9/2020 - 14:45:46.413	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\mscoree.dll
8/9/2020 - 14:45:46.414	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\mscoree.dll
8/9/2020 - 14:45:46.418	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\imm32.dll
8/9/2020 - 14:45:46.419	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\imm32.dll
8/9/2020 - 14:45:46.420	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\imm32.dll
8/9/2020 - 14:45:46.420	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\imm32.dll
8/9/2020 - 14:45:46.421	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\imm32.dll
8/9/2020 - 14:45:46.421	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\imm32.dll
8/9/2020 - 14:45:46.423	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui
8/9/2020 - 14:45:46.443	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rpcss.dll
8/9/2020 - 14:45:46.443	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rpcss.dll
8/9/2020 - 14:45:46.444	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rpcss.dll
8/9/2020 - 14:45:46.445	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rpcss.dll
8/9/2020 - 14:45:46.447	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\CRYPTBASE.dll
8/9/2020 - 14:45:46.448	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\cryptbase.dll
8/9/2020 - 14:45:46.448	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\cryptbase.dll	cryptbase.dll
8/9/2020 - 14:45:46.448	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\cryptbase.dll
8/9/2020 - 14:45:46.448	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\cryptbase.dll	cryptbase.dll
8/9/2020 - 14:45:46.449	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\uxtheme.dll
8/9/2020 - 14:45:46.449	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\uxtheme.dll
8/9/2020 - 14:45:46.506	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\shell32.dll
8/9/2020 - 14:45:46.506	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\shell32.dll
8/9/2020 - 14:45:46.510	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\shell32.dll
8/9/2020 - 14:45:46.511	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local
8/9/2020 - 14:45:46.511	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
8/9/2020 - 14:45:46.511	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
8/9/2020 - 14:45:46.514	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
8/9/2020 - 14:45:46.515	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
8/9/2020 - 14:45:46.515	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
8/9/2020 - 14:45:46.515	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
8/9/2020 - 14:45:46.515	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
8/9/2020 - 14:45:46.516	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\WindowsShell.Manifest
8/9/2020 - 14:45:46.516	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\WindowsShell.Manifest	WindowsShell.Manifest
8/9/2020 - 14:45:46.517	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Globalization\Sorting\SortDefault.nls
8/9/2020 - 14:45:46.518	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Globalization\Sorting\SortDefault.nls	SortDefault.nls
8/9/2020 - 14:45:46.518	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
8/9/2020 - 14:45:46.518	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
8/9/2020 - 14:45:46.519	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
8/9/2020 - 14:45:46.519	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
8/9/2020 - 14:45:46.520	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
8/9/2020 - 14:45:46.520	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	powershell.exe
8/9/2020 - 14:45:46.520	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.520	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.520	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:46.520	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:46.520	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell
8/9/2020 - 14:45:46.521	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell
8/9/2020 - 14:45:46.522	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
8/9/2020 - 14:45:46.522	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
8/9/2020 - 14:45:46.523	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.523	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.524	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\propsys.dll
8/9/2020 - 14:45:46.524	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\propsys.dll
8/9/2020 - 14:45:46.525	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
8/9/2020 - 14:45:46.525	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
8/9/2020 - 14:45:46.525	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
8/9/2020 - 14:45:46.526	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
8/9/2020 - 14:45:46.526	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
8/9/2020 - 14:45:46.526	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\desktop.ini
8/9/2020 - 14:45:46.526	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\desktop.ini
8/9/2020 - 14:45:46.528	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users
8/9/2020 - 14:45:46.528	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users
8/9/2020 - 14:45:46.528	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:46.528	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:46.528	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData
8/9/2020 - 14:45:46.528	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData
8/9/2020 - 14:45:46.529	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming
8/9/2020 - 14:45:46.529	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming
8/9/2020 - 14:45:46.529	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini
8/9/2020 - 14:45:46.529	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft
8/9/2020 - 14:45:46.529	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft
8/9/2020 - 14:45:46.529	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows
8/9/2020 - 14:45:46.530	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows
8/9/2020 - 14:45:46.530	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
8/9/2020 - 14:45:46.530	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
8/9/2020 - 14:45:46.530	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\Desktop\desktop.ini
8/9/2020 - 14:45:46.531	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\Desktop\desktop.ini
8/9/2020 - 14:45:46.534	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
8/9/2020 - 14:45:46.535	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
8/9/2020 - 14:45:46.535	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.535	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.535	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users
8/9/2020 - 14:45:46.535	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users
8/9/2020 - 14:45:46.535	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:46.536	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:46.536	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData
8/9/2020 - 14:45:46.536	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData
8/9/2020 - 14:45:46.536	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming
8/9/2020 - 14:45:46.536	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming
8/9/2020 - 14:45:46.536	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft
8/9/2020 - 14:45:46.536	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft
8/9/2020 - 14:45:46.537	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows
8/9/2020 - 14:45:46.537	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows
8/9/2020 - 14:45:46.537	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
8/9/2020 - 14:45:46.537	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
8/9/2020 - 14:45:46.537	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
8/9/2020 - 14:45:46.537	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
8/9/2020 - 14:45:46.538	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu
8/9/2020 - 14:45:46.538	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu
8/9/2020 - 14:45:46.538	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.538	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.539	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData
8/9/2020 - 14:45:46.539	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData
8/9/2020 - 14:45:46.539	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\desktop.ini
8/9/2020 - 14:45:46.539	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft
8/9/2020 - 14:45:46.539	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft
8/9/2020 - 14:45:46.539	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows
8/9/2020 - 14:45:46.540	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows
8/9/2020 - 14:45:46.540	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
8/9/2020 - 14:45:46.540	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
8/9/2020 - 14:45:46.541	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wbem\fastprox.dll
8/9/2020 - 14:45:46.542	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wbem\fastprox.dll
8/9/2020 - 14:45:46.558	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wbem\NTDSAPI.dll
8/9/2020 - 14:45:46.559	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\ntdsapi.dll
8/9/2020 - 14:45:46.560	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\ntdsapi.dll
8/9/2020 - 14:45:46.614	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
8/9/2020 - 14:45:46.614	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
8/9/2020 - 14:45:46.614	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.614	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.615	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData
8/9/2020 - 14:45:46.615	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData
8/9/2020 - 14:45:46.615	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft
8/9/2020 - 14:45:46.615	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft
8/9/2020 - 14:45:46.615	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows
8/9/2020 - 14:45:46.615	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows
8/9/2020 - 14:45:46.616	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu
8/9/2020 - 14:45:46.617	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu
8/9/2020 - 14:45:46.617	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
8/9/2020 - 14:45:46.618	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
8/9/2020 - 14:45:46.619	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\Desktop
8/9/2020 - 14:45:46.619	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\Desktop
8/9/2020 - 14:45:46.619	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.619	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.620	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users
8/9/2020 - 14:45:46.620	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users
8/9/2020 - 14:45:46.620	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:46.620	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:46.620	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Public\Desktop
8/9/2020 - 14:45:46.621	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Public\Desktop
8/9/2020 - 14:45:46.621	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.621	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.621	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users
8/9/2020 - 14:45:46.621	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users
8/9/2020 - 14:45:46.621	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Public\desktop.ini
8/9/2020 - 14:45:46.622	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Public\desktop.ini
8/9/2020 - 14:45:46.622	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Public
8/9/2020 - 14:45:46.622	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Public
8/9/2020 - 14:45:46.622	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Public\Desktop\desktop.ini
8/9/2020 - 14:45:46.622	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Public\Desktop\desktop.ini
8/9/2020 - 14:45:46.623	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\apphelp.dll
8/9/2020 - 14:45:46.623	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\apphelp.dll
8/9/2020 - 14:45:46.624	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\apphelp.dll
8/9/2020 - 14:45:46.625	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\gameux.dll
8/9/2020 - 14:45:46.625	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\gameux.dll
8/9/2020 - 14:45:46.625	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\gameux.dll
8/9/2020 - 14:45:46.625	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\gameux.dll
8/9/2020 - 14:45:46.626	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local
8/9/2020 - 14:45:46.626	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
8/9/2020 - 14:45:46.626	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
8/9/2020 - 14:45:46.626	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
8/9/2020 - 14:45:46.627	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local
8/9/2020 - 14:45:46.627	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8
8/9/2020 - 14:45:46.627	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8
8/9/2020 - 14:45:46.627	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8
8/9/2020 - 14:45:46.627	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8\GdiPlus.dll
8/9/2020 - 14:45:46.628	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8\GdiPlus.dll
8/9/2020 - 14:45:46.628	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\xmllite.dll
8/9/2020 - 14:45:46.629	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\xmllite.dll
8/9/2020 - 14:45:46.630	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wer.dll
8/9/2020 - 14:45:46.630	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wer.dll
8/9/2020 - 14:45:46.688	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\gameux.dll
8/9/2020 - 14:45:46.762	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\gameux.dll
8/9/2020 - 14:45:46.763	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\gameux.dll
8/9/2020 - 14:45:46.763	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\gameux.dll
8/9/2020 - 14:45:46.764	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\gameux.dll
8/9/2020 - 14:45:46.765	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\gameux.dll
8/9/2020 - 14:45:46.765	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\gameux.dll
8/9/2020 - 14:45:46.766	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\gameux.dll
8/9/2020 - 14:45:46.766	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\gameux.dll
8/9/2020 - 14:45:46.767	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\gameux.dll
8/9/2020 - 14:45:46.768	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\gameux.dll
8/9/2020 - 14:45:46.768	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\gameux.dll
8/9/2020 - 14:45:46.769	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
8/9/2020 - 14:45:46.769	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
8/9/2020 - 14:45:46.770	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.770	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.770	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users
8/9/2020 - 14:45:46.770	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users
8/9/2020 - 14:45:46.770	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:46.770	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:46.771	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData
8/9/2020 - 14:45:46.771	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData
8/9/2020 - 14:45:46.771	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming
8/9/2020 - 14:45:46.771	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming
8/9/2020 - 14:45:46.771	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft
8/9/2020 - 14:45:46.771	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft
8/9/2020 - 14:45:46.772	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
8/9/2020 - 14:45:46.772	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
8/9/2020 - 14:45:46.772	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
8/9/2020 - 14:45:46.772	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
8/9/2020 - 14:45:46.772	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
8/9/2020 - 14:45:46.773	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
8/9/2020 - 14:45:46.774	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\shdocvw.dll
8/9/2020 - 14:45:46.775	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\shdocvw.dll
8/9/2020 - 14:45:46.775	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\shdocvw.dll
8/9/2020 - 14:45:46.777	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.777	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.777	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users
8/9/2020 - 14:45:46.778	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users
8/9/2020 - 14:45:46.778	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:46.778	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:46.778	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData
8/9/2020 - 14:45:46.778	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData
8/9/2020 - 14:45:46.778	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming
8/9/2020 - 14:45:46.778	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming
8/9/2020 - 14:45:46.779	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft
8/9/2020 - 14:45:46.779	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft
8/9/2020 - 14:45:46.779	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
8/9/2020 - 14:45:46.779	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
8/9/2020 - 14:45:46.779	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
8/9/2020 - 14:45:46.779	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
8/9/2020 - 14:45:46.836	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
8/9/2020 - 14:45:46.837	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
8/9/2020 - 14:45:46.838	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
8/9/2020 - 14:45:46.877	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
8/9/2020 - 14:45:46.877	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
8/9/2020 - 14:45:46.878	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.878	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.879	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData
8/9/2020 - 14:45:46.879	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData
8/9/2020 - 14:45:46.879	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft
8/9/2020 - 14:45:46.879	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft
8/9/2020 - 14:45:46.879	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows
8/9/2020 - 14:45:46.879	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows
8/9/2020 - 14:45:46.880	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu
8/9/2020 - 14:45:46.880	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu
8/9/2020 - 14:45:46.880	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
8/9/2020 - 14:45:46.880	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
8/9/2020 - 14:45:46.880	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
8/9/2020 - 14:45:46.881	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
8/9/2020 - 14:45:46.881	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
8/9/2020 - 14:45:46.881	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
8/9/2020 - 14:45:46.881	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
8/9/2020 - 14:45:46.882	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
8/9/2020 - 14:45:46.882	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.882	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.883	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\LINKINFO.dll
8/9/2020 - 14:45:46.883	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\linkinfo.dll
8/9/2020 - 14:45:46.883	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\linkinfo.dll
8/9/2020 - 14:45:46.884	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.884	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.884	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\ntshrui.dll
8/9/2020 - 14:45:46.884	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\ntshrui.dll
8/9/2020 - 14:45:46.885	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\ntshrui.dll
8/9/2020 - 14:45:46.885	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\srvcli.dll
8/9/2020 - 14:45:46.886	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\srvcli.dll
8/9/2020 - 14:45:46.886	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\srvcli.dll
8/9/2020 - 14:45:46.926	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\cscapi.dll
8/9/2020 - 14:45:46.926	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\cscapi.dll
8/9/2020 - 14:45:46.926	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\cscapi.dll
8/9/2020 - 14:45:46.927	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\slc.dll
8/9/2020 - 14:45:46.928	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\slc.dll
8/9/2020 - 14:45:46.928	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\slc.dll
8/9/2020 - 14:45:46.929	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
8/9/2020 - 14:45:46.929	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.930	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.930	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.930	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.930	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.934	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	Windows PowerShell.lnk
8/9/2020 - 14:45:46.934	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.934	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.935	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData
8/9/2020 - 14:45:46.935	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData
8/9/2020 - 14:45:46.935	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft
8/9/2020 - 14:45:46.935	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft
8/9/2020 - 14:45:46.935	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows
8/9/2020 - 14:45:46.935	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows
8/9/2020 - 14:45:46.936	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu
8/9/2020 - 14:45:46.936	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu
8/9/2020 - 14:45:46.936	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
8/9/2020 - 14:45:46.936	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
8/9/2020 - 14:45:46.936	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
8/9/2020 - 14:45:46.936	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
8/9/2020 - 14:45:46.937	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.937	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.937	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.937	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.937	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
8/9/2020 - 14:45:46.937	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.938	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.938	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.938	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.938	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
8/9/2020 - 14:45:46.938	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	Windows PowerShell.lnk
8/9/2020 - 14:45:46.938	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:45:46.938	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:45:46.939	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.939	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.939	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:46.939	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:46.939	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32
8/9/2020 - 14:45:46.939	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32
8/9/2020 - 14:45:46.940	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell
8/9/2020 - 14:45:46.940	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell
8/9/2020 - 14:45:46.940	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:45:46.940	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:45:46.940	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.940	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.941	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
8/9/2020 - 14:45:46.941	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:45:46.941	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:45:46.941	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:45:46.941	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:45:46.942	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:45:46.942	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe	powershell_ise.exe
8/9/2020 - 14:45:46.946	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.946	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.946	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:46.946	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:46.947	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.947	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:46.947	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\hh.exe
8/9/2020 - 14:45:46.948	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:46.948	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:46.948	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:46.948	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:46.949	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:46.949	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
8/9/2020 - 14:45:46.950	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\CRYPTSP.dll
8/9/2020 - 14:45:46.950	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\cryptsp.dll
8/9/2020 - 14:45:46.950	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\cryptsp.dll
8/9/2020 - 14:45:46.951	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rsaenh.dll
8/9/2020 - 14:45:46.951	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rsaenh.dll
8/9/2020 - 14:45:46.952	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rsaenh.dll
8/9/2020 - 14:45:46.952	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rsaenh.dll
8/9/2020 - 14:45:46.952	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rsaenh.dll
8/9/2020 - 14:45:46.952	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rsaenh.dll
8/9/2020 - 14:45:46.953	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rsaenh.dll
8/9/2020 - 14:45:46.953	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rsaenh.dll
8/9/2020 - 14:45:46.953	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rsaenh.dll
8/9/2020 - 14:45:46.954	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rsaenh.dll
8/9/2020 - 14:45:46.958	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rsaenh.dll
8/9/2020 - 14:45:46.958	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rsaenh.dll
8/9/2020 - 14:45:46.959	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2TV8M1DLJNSQH5D2VAT5.temp
8/9/2020 - 14:45:46.959	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2TV8M1DLJNSQH5D2VAT5.temp
8/9/2020 - 14:45:46.960	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2TV8M1DLJNSQH5D2VAT5.temp	2TV8M1DLJNSQH5D2VAT5.temp
8/9/2020 - 14:45:46.961	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2TV8M1DLJNSQH5D2VAT5.temp	2TV8M1DLJNSQH5D2VAT5.temp
8/9/2020 - 14:45:46.961	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2TV8M1DLJNSQH5D2VAT5.temp	2TV8M1DLJNSQH5D2VAT5.temp
8/9/2020 - 14:45:46.961	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2TV8M1DLJNSQH5D2VAT5.temp	2TV8M1DLJNSQH5D2VAT5.temp
8/9/2020 - 14:45:46.961	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
8/9/2020 - 14:45:46.962	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2TV8M1DLJNSQH5D2VAT5.temp
8/9/2020 - 14:45:46.962	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
8/9/2020 - 14:45:46.962	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2TV8M1DLJNSQH5D2VAT5.temp	2TV8M1DLJNSQH5D2VAT5.temp
8/9/2020 - 14:45:46.963	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
8/9/2020 - 14:45:46.964	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
8/9/2020 - 14:45:46.965	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\mscoree.dll.local
8/9/2020 - 14:45:46.965	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727
8/9/2020 - 14:45:46.965	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727
8/9/2020 - 14:45:46.965	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\Upgrades.2.0.50727
8/9/2020 - 14:45:46.966	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\Upgrades.2.0.50727
8/9/2020 - 14:45:47.21	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.config
8/9/2020 - 14:45:47.21	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727
8/9/2020 - 14:45:47.21	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727
8/9/2020 - 14:45:47.21	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
8/9/2020 - 14:45:47.22	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
8/9/2020 - 14:45:47.304	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
8/9/2020 - 14:45:47.351	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local
8/9/2020 - 14:45:47.351	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs
8/9/2020 - 14:45:47.351	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:45:47.354	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:45:47.354	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:45:47.355	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll
8/9/2020 - 14:45:47.355	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll
8/9/2020 - 14:45:47.356	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll
8/9/2020 - 14:45:47.357	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:47.357	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:45:47.357	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:47.357	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows
8/9/2020 - 14:45:47.357	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:45:47.358	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:45:49.57	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
8/9/2020 - 14:45:49.592	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config	machine.config
8/9/2020 - 14:45:49.592	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config	machine.config
8/9/2020 - 14:45:49.694	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config	machine.config
8/9/2020 - 14:45:49.694	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config	machine.config
8/9/2020 - 14:45:49.694	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config	machine.config
8/9/2020 - 14:45:49.695	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config	machine.config
8/9/2020 - 14:45:49.695	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.config
8/9/2020 - 14:45:49.908	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\fusion.localgac
8/9/2020 - 14:45:50.612	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config
8/9/2020 - 14:45:50.612	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch
8/9/2020 - 14:45:50.613	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config
8/9/2020 - 14:45:50.614	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch
8/9/2020 - 14:45:50.616	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:50.616	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:50.616	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:45:50.616	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming
8/9/2020 - 14:45:50.617	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming
8/9/2020 - 14:45:50.617	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming
8/9/2020 - 14:45:50.617	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config
8/9/2020 - 14:45:50.617	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch
8/9/2020 - 14:45:50.625	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\index187.dat
8/9/2020 - 14:45:50.692	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
8/9/2020 - 14:45:50.701	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:50.701	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
8/9/2020 - 14:45:50.702	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:50.702	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:50.736	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:50.769	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:50.802	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:50.835	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:50.873	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:50.910	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:50.944	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:50.977	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.11	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.45	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.80	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.113	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.146	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.179	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.213	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.249	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.283	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.316	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.349	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.382	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.417	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.452	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.488	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.522	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.588	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.664	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.699	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.734	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.803	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:51.922	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089
8/9/2020 - 14:45:51.961	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089
8/9/2020 - 14:45:51.996	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089
8/9/2020 - 14:45:52.30	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.237	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.273	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.340	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.375	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.409	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.450	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.485	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.521	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.563	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.597	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.632	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.669	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.774	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:52.997	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.175	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.216	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.353	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.420	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.461	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.499	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.667	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.702	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.744	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.811	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.844	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.882	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.916	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.949	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:53.989	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.23	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.57	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.90	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.160	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.512	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.545	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.579	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.612	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.645	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.746	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ole32.dll
8/9/2020 - 14:45:54.815	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.848	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.884	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.918	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.952	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:54.994	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.29	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.96	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.198	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.231	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.273	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.309	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.343	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.377	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.413	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.447	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.523	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.577	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.634	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.672	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.706	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.739	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.778	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.845	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.882	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.916	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.950	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:55.984	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.19	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.53	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.86	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.120	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.158	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.193	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.226	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.260	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.294	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.330	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.364	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.398	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.432	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.467	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.501	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.542	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.578	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.646	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.681	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.750	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.807	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.867	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.905	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.939	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:56.972	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:57.5	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:57.44	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:57.79	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:57.112	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:57.146	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:57.179	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:57.213	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:57.248	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:57.282	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:57.322	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:57.357	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\OLEAUT32.dll
8/9/2020 - 14:45:57.357	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:57.391	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:58.439	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:58.476	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:58.544	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:58.584	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:58.619	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:58.653	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:58.721	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:58.755	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:58.839	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Globalization\pt-br.nlp
8/9/2020 - 14:45:58.840	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:58.922	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:58.958	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:59.129	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:45:59.165	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config
8/9/2020 - 14:45:59.199	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\pubpol4.dat
8/9/2020 - 14:45:59.200	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC\PublisherPolicy.tme
8/9/2020 - 14:45:59.200	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
8/9/2020 - 14:45:59.201	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config	machine.config
8/9/2020 - 14:45:59.201	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
8/9/2020 - 14:45:59.201	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config	machine.config
8/9/2020 - 14:45:59.202	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config	machine.config
8/9/2020 - 14:45:59.202	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config	machine.config
8/9/2020 - 14:45:59.202	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config	machine.config
8/9/2020 - 14:45:59.202	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config	machine.config
8/9/2020 - 14:45:59.308	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:45:59.532	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:45:59.532	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:45:59.566	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:45:59.566	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:45:59.566	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:45:59.600	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:45:59.638	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:45:59.676	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:45:59.710	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:45:59.745	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:45:59.778	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:45:59.848	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:45:59.848	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:45:59.962	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Management.Automation\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:45:59.962	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:0.65	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:0.65	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
8/9/2020 - 14:46:0.99	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.99	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
8/9/2020 - 14:46:0.100	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.140	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.175	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.210	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.245	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.280	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.314	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.348	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.388	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.422	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.460	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.529	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.579	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:0.646	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:46:0.647	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:46:0.647	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:46:0.647	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:46:0.647	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:46:0.648	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:46:0.889	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:0.962	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.29	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.62	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.95	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.130	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.164	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.231	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.265	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:46:1.298	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
8/9/2020 - 14:46:1.333	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
8/9/2020 - 14:46:1.436	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
8/9/2020 - 14:46:1.488	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local
8/9/2020 - 14:46:1.488	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:1.489	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:1.489	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:1.781	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.782	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.783	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.784	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.784	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.786	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.787	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.787	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.791	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.792	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.792	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:1.899	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:1.899	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:1.899	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:1.937	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:1.970	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.3	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.38	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.72	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.105	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.138	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.171	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.208	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.242	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
8/9/2020 - 14:46:2.243	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
8/9/2020 - 14:46:2.243	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.243	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
8/9/2020 - 14:46:2.244	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.244	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.244	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.278	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.311	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.344	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.377	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:2.419	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.456	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:2.490	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:2.557	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.750	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\BVTBin\Tests\installpackage\csilogfile.log
8/9/2020 - 14:46:2.791	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.826	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:2.871	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:2.939	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.941	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:2.975	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:3.44	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:3.94	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:3.149	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:3.190	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:3.226	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:3.260	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:3.293	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:3.470	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:3.506	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:3.540	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:3.573	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:3.608	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
8/9/2020 - 14:46:3.711	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:3.711	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
8/9/2020 - 14:46:3.712	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:3.748	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:3.781	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:3.816	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:3.849	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:3.885	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:3.942	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:3.979	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.13	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.46	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.80	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.113	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.147	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.183	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.225	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.296	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.348	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.405	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.444	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
8/9/2020 - 14:46:4.531	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
8/9/2020 - 14:46:4.532	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.567	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.600	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.634	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.668	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.703	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.743	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.777	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.811	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.845	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.882	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:4.916	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:5.22	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.56	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.90	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.124	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.158	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.192	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.226	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.260	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.293	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.327	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.360	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.394	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.427	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.464	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.578	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.625	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.658	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.692	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.770	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.804	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.838	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:5.912	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:5.946	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:5.979	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.19	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.53	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.87	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.122	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.157	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.191	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.225	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.264	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.297	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.332	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.365	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.398	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.432	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.501	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:6.537	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.571	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.605	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:6.640	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:6.710	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.763	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.823	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.863	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:6.933	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:6.967	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:7.1	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:7.36	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.70	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
8/9/2020 - 14:46:7.71	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:7.71	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.104	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.138	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.172	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.208	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.242	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.283	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\version.dll
8/9/2020 - 14:46:7.284	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\version.dll
8/9/2020 - 14:46:7.285	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\version.dll
8/9/2020 - 14:46:7.286	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.320	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
8/9/2020 - 14:46:7.320	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:7.320	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:7.354	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:7.388	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
8/9/2020 - 14:46:7.388	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:7.388	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.422	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.458	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:7.533	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\l_intl.nls
8/9/2020 - 14:46:7.604	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.638	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\pt-BR\KernelBase.dll.mui
8/9/2020 - 14:46:7.639	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.674	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.708	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.744	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.778	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.819	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.860	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.895	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.932	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:7.966	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.50	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.97	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.156	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.190	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.223	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.259	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.292	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.330	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.364	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.397	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.430	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.468	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.502	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.537	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.570	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.603	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.637	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.671	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.706	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.740	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.774	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.815	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.849	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.906	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:8.982	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:9.26	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
8/9/2020 - 14:46:9.27	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:9.101	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:9.136	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
8/9/2020 - 14:46:9.138	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:9.174	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.244	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:9.292	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:9.360	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.398	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.434	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.471	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.506	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.540	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.574	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.613	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.652	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.688	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:9.722	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.756	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.791	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.829	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.830	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.830	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.868	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.903	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.903	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.905	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.906	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.907	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.907	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.908	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.946	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:9.980	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:10.15	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.49	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:10.83	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:10.118	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:10.152	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:10.186	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089
8/9/2020 - 14:46:10.185	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
8/9/2020 - 14:46:10.288	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
8/9/2020 - 14:46:10.356	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.389	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.422	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.492	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.541	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.606	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.644	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:10.678	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:10.712	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.747	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.780	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.813	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.850	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.896	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:10.931	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll
8/9/2020 - 14:46:11.66	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.66	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll
8/9/2020 - 14:46:11.67	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.100	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.140	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.174	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.208	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.241	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.274	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.307	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.342	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.381	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.416	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.450	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.485	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
8/9/2020 - 14:46:11.556	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
8/9/2020 - 14:46:11.556	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.590	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.624	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.662	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.731	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.782	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.838	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.903	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.938	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:11.973	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:12.6	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:12.40	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:12.74	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:12.107	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:12.148	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:12.183	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:12.221	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:12.255	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:12.322	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:12.356	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:12.390	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:12.435	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:12.471	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:12.507	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:12.541	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:12.580	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:12.614	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:12.650	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:12.726	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
8/9/2020 - 14:46:12.726	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:12.727	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
8/9/2020 - 14:46:12.727	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:12.727	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
8/9/2020 - 14:46:12.727	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:12.728	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:12.762	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:12.797	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:12.833	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:12.882	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:13.13	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.68	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.129	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.166	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.239	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.273	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.388	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.423	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.460	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.499	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.658	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.695	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.768	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:13.801	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:13.875	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:13.875	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:13.973	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll	Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:13.973	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:13.974	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll	Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.9	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll	Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.43	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll	Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.78	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll	Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.111	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll	Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.144	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll	Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.179	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll	Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.255	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:14.256	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:14.257	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Core\3.5.0.0__b77a5c561934e089
8/9/2020 - 14:46:14.257	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
8/9/2020 - 14:46:14.365	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
8/9/2020 - 14:46:14.365	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
8/9/2020 - 14:46:14.403	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll	System.Core.dll
8/9/2020 - 14:46:14.403	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
8/9/2020 - 14:46:14.403	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll	System.Core.dll
8/9/2020 - 14:46:14.437	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll	System.Core.dll
8/9/2020 - 14:46:14.477	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll	System.Core.dll
8/9/2020 - 14:46:14.511	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll	System.Core.dll
8/9/2020 - 14:46:14.545	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll	System.Core.dll
8/9/2020 - 14:46:14.579	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll	System.Core.dll
8/9/2020 - 14:46:14.612	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll	System.Core.dll
8/9/2020 - 14:46:14.646	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll	System.Core.dll
8/9/2020 - 14:46:14.679	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll	System.Core.dll
8/9/2020 - 14:46:14.719	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll	System.Core.dll
8/9/2020 - 14:46:14.753	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll	System.Core.dll
8/9/2020 - 14:46:14.788	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.789	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.789	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll	Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.789	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.790	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll	Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.790	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll	Microsoft.PowerShell.Commands.Diagnostics.dll
8/9/2020 - 14:46:14.791	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:14.825	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:14.864	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:14.898	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:14.934	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:15.13	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.48	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.48	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.48	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.83	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.116	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.149	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.183	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.217	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
8/9/2020 - 14:46:15.252	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
8/9/2020 - 14:46:15.253	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.288	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.322	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.356	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.390	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.424	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.460	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:15.539	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:15.588	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:15.648	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:15.684	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:15.758	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:15.793	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:15.828	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:15.874	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:15.942	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:15.945	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:15.987	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:15.987	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:15.988	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.22	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.56	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.90	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.125	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.159	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.193	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.226	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.266	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:16.267	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:16.268	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:16.268	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:16.302	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:16.302	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
8/9/2020 - 14:46:16.303	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll	Microsoft.WSMan.Runtime.dll
8/9/2020 - 14:46:16.303	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
8/9/2020 - 14:46:16.303	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll	Microsoft.WSMan.Runtime.dll
8/9/2020 - 14:46:16.337	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll	Microsoft.WSMan.Runtime.dll
8/9/2020 - 14:46:16.372	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll	Microsoft.WSMan.Runtime.dll
8/9/2020 - 14:46:16.406	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.407	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.407	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.407	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.408	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.408	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:16.446	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:16.447	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:16.447	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
8/9/2020 - 14:46:16.447	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
8/9/2020 - 14:46:16.448	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll	Microsoft.WSMan.Runtime.dll
8/9/2020 - 14:46:16.448	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
8/9/2020 - 14:46:16.448	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll	Microsoft.WSMan.Runtime.dll
8/9/2020 - 14:46:16.448	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll	Microsoft.WSMan.Runtime.dll
8/9/2020 - 14:46:16.450	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:16.499	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:16.541	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:16.578	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:16.613	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:16.649	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:16.718	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:16.787	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:16.844	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:16.886	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:16.920	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:16.956	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:16.989	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:17.29	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:17.68	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:17.104	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:17.141	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:17.174	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:17.208	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:17.245	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:17.279	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:17.312	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:17.346	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:17.382	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:17.451	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:17.487	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:17.538	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll
8/9/2020 - 14:46:17.609	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:17.609	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll
8/9/2020 - 14:46:17.610	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:17.644	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:17.678	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:17.712	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:17.747	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:17.787	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:17.821	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:17.858	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089
8/9/2020 - 14:46:17.894	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089
8/9/2020 - 14:46:17.894	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:17.928	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:18.3	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:18.85	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:18.119	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:18.154	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
8/9/2020 - 14:46:18.188	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll	System.Transactions.dll
8/9/2020 - 14:46:18.188	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
8/9/2020 - 14:46:18.188	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll	System.Transactions.dll
8/9/2020 - 14:46:18.223	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll	System.Transactions.dll
8/9/2020 - 14:46:18.258	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll	System.Transactions.dll
8/9/2020 - 14:46:18.301	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll	System.Transactions.dll
8/9/2020 - 14:46:18.336	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
8/9/2020 - 14:46:18.343	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll	System.Transactions.dll
8/9/2020 - 14:46:18.343	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll	System.Transactions.dll
8/9/2020 - 14:46:18.344	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local
8/9/2020 - 14:46:18.344	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:18.345	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:18.345	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:18.346	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
8/9/2020 - 14:46:18.346	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll	System.Transactions.dll
8/9/2020 - 14:46:18.347	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll	System.Transactions.dll
8/9/2020 - 14:46:18.347	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll	System.Transactions.dll
8/9/2020 - 14:46:18.349	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:18.351	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:18.352	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:18.352	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:18.353	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:18.354	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:18.354	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:18.435	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:18.480	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:18.514	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:18.515	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.515	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.515	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.516	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.551	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.588	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.623	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.657	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.691	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.726	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.760	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.794	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.829	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.939	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:18.974	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:18.975	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:18.975	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:19.9	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:19.43	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:19.43	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:19.43	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:19.43	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:19.44	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:19.44	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:19.46	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:19.122	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:19.196	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:19.246	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:19.246	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.246	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.246	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.246	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.299	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.345	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.379	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.414	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.448	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.482	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.520	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.553	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:19.554	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:19.555	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.555	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.555	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.555	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.556	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.556	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:19.557	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:19.602	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll
8/9/2020 - 14:46:19.672	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:19.672	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll
8/9/2020 - 14:46:19.672	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:19.708	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:19.742	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:19.776	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:19.810	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:19.859	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:19.895	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:19.930	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:19.965	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
8/9/2020 - 14:46:20.2	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
8/9/2020 - 14:46:20.2	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:20.38	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:20.72	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:20.113	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:20.147	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:20.180	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:20.214	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:20.249	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:20.282	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:20.315	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:20.352	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:20.392	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.427	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.427	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.427	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.498	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.548	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.621	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.661	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.695	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.729	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
8/9/2020 - 14:46:20.796	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
8/9/2020 - 14:46:20.797	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.831	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.866	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.899	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.932	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.965	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:20.999	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:21.32	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:21.118	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:21.154	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:21.154	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.188	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll	Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.188	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.189	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll	Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.222	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll	Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.255	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll	Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.289	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll	Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.322	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll	Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.355	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:21.356	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
8/9/2020 - 14:46:21.358	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.360	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.361	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll	Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.363	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.363	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll	Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.363	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll	Microsoft.PowerShell.Security.dll
8/9/2020 - 14:46:21.365	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:21.457	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:21.492	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:21.526	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:21.559	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:21.592	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:21.634	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Globalization\en.nlp
8/9/2020 - 14:46:21.635	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config
8/9/2020 - 14:46:21.636	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:21.637	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:21.637	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:21.638	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.638	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll	Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.638	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.638	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll	Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.673	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll	Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.708	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll	Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.785	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll	Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.829	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll	Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.915	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:21.916	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:21.916	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.916	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.916	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll	Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.916	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.916	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll	Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.917	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll	Microsoft.PowerShell.ConsoleHost.Resources.dll
8/9/2020 - 14:46:21.918	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:22.29	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:22.69	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:22.108	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll	Microsoft.PowerShell.ConsoleHost.dll
8/9/2020 - 14:46:22.146	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:22.180	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.214	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.258	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:22.295	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.296	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.296	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.297	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.301	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.335	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.336	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.336	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.337	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:22.337	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.338	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.338	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.373	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.374	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.388	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:22.390	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:22.460	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:22.495	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:22.529	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:22.564	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:22.600	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:22.636	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:22.680	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:22.715	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:22.750	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:22.784	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:22.817	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:22.850	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:22.889	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:23.23	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:23.84	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:23.132	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:23.180	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:23.217	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:23.250	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:23.290	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.323	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.356	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.389	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.429	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.464	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.500	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.534	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.567	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.600	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.633	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.666	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.702	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.738	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.775	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.817	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.851	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.953	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:23.987	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:24.26	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:24.116	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:24.238	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:24.282	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:24.343	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:24.387	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:24.422	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:24.502	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:24.541	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:24.580	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:24.616	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:24.658	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:24.701	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:24.736	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:24.776	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:24.810	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:24.848	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:24.888	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:24.932	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:25.14	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:25.55	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:25.122	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:25.159	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:25.192	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:25.242	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:25.290	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:25.370	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:25.407	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:25.485	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:25.538	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:25.595	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:25.629	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:25.665	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:25.699	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll
8/9/2020 - 14:46:25.767	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:25.767	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll
8/9/2020 - 14:46:25.767	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:25.768	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:25.802	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:25.836	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:25.873	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:25.907	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:25.940	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:25.983	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.17	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
8/9/2020 - 14:46:26.120	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
8/9/2020 - 14:46:26.120	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.154	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.187	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.221	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.261	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.295	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.329	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.362	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.396	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.429	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.464	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.507	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.546	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:26.586	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:26.714	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.771	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.826	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.900	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.933	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:26.966	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:27.8	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:27.46	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Management.Automation.resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:27.46	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:27.82	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:27.82	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.119	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.119	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.120	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.153	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.186	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.219	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.253	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.287	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:27.287	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:27.288	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.288	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.288	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.289	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.289	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.289	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.290	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:27.325	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:27.364	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:27.398	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:27.432	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:27.467	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\shfolder.dll
8/9/2020 - 14:46:27.468	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\shfolder.dll
8/9/2020 - 14:46:27.503	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\shfolder.dll
8/9/2020 - 14:46:27.704	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\Documents
8/9/2020 - 14:46:27.705	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\Documents
8/9/2020 - 14:46:27.708	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:27.746	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:27.861	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:27.933	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:28.54	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:28.125	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:46:28.125	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:46:28.127	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\getevent.types.ps1xml
8/9/2020 - 14:46:28.162	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\getevent.types.ps1xml	getevent.types.ps1xml
8/9/2020 - 14:46:28.163	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml
8/9/2020 - 14:46:28.230	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:28.247	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:28.291	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.325	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.359	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.392	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.425	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.462	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.497	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.531	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.571	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.604	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.675	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:28.712	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:28.747	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:28.782	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:28.818	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:28.876	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\getevent.types.ps1xml
8/9/2020 - 14:46:28.876	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\getevent.types.ps1xml	getevent.types.ps1xml
8/9/2020 - 14:46:28.876	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\getevent.types.ps1xml	getevent.types.ps1xml
8/9/2020 - 14:46:28.877	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\getevent.types.ps1xml	getevent.types.ps1xml
8/9/2020 - 14:46:28.878	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\getevent.types.ps1xml	getevent.types.ps1xml
8/9/2020 - 14:46:28.878	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\getevent.types.ps1xml	getevent.types.ps1xml
8/9/2020 - 14:46:28.878	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\getevent.types.ps1xml	getevent.types.ps1xml
8/9/2020 - 14:46:28.878	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\getevent.types.ps1xml	getevent.types.ps1xml
8/9/2020 - 14:46:28.883	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:28.883	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:28.884	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:28.884	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:28.894	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\getevent.types.ps1xml
8/9/2020 - 14:46:28.894	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\getevent.types.ps1xml	getevent.types.ps1xml
8/9/2020 - 14:46:28.894	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:28.898	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.899	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.899	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.935	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.938	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.939	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.939	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.940	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.940	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.941	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:28.993	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:29.32	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:29.106	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:29.141	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:29.210	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:29.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:29.339	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:29.439	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:29.478	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:29.514	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:29.547	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:29.587	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:29.695	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:29.785	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:29.819	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.92	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.187	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.222	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.442	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml
8/9/2020 - 14:46:30.443	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.443	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.444	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.444	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.446	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.447	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.562	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.562	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.562	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.562	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.562	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.563	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.563	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.563	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.563	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.563	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.563	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.564	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.564	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.564	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.564	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.566	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.566	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.566	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.566	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.567	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.567	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.567	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.567	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.567	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.567	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.567	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.567	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.568	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.568	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.568	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.568	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.569	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.569	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.569	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.569	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.569	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.569	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.570	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.570	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.570	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.570	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml
8/9/2020 - 14:46:30.571	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	types.ps1xml
8/9/2020 - 14:46:30.624	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.680	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.807	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.841	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.876	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.911	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.945	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:30.978	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.12	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.46	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.80	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.113	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.147	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.180	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.213	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.247	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.281	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.314	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.349	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.384	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.422	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.467	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:31.507	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.541	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.575	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.617	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.655	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.696	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:31.931	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:31.990	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:32.69	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.180	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.214	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.249	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.283	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.316	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.349	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.388	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.422	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.458	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.494	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.528	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.561	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.594	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.627	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.663	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.697	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.732	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.765	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.798	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.833	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.875	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.909	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.942	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:32.976	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:33.9	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:33.43	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:33.114	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:33.163	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:33.216	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:33.253	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:33.288	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:33.324	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:33.357	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.399	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.433	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.467	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.502	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.536	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.569	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.602	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.635	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.675	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.709	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.743	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.777	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.810	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.845	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.884	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:33.927	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\8761b5c0fc91ae519d028c4ea26a862f\System.Configuration.Install.ni.dll	System.Configuration.Install.ni.dll
8/9/2020 - 14:46:33.962	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:33.997	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:34.30	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:34.64	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:34.99	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:34.132	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:34.173	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:34.208	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:34.242	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\34212bfb8a205eb6b050ce2c826f2c3b\System.ServiceProcess.ni.dll	System.ServiceProcess.ni.dll
8/9/2020 - 14:46:34.294	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:34.382	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:34.436	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:34.492	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:34.534	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:34.603	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:34.637	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:34.670	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:34.771	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:46:34.772	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0
8/9/2020 - 14:46:34.772	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
8/9/2020 - 14:46:34.806	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	Diagnostics.Format.ps1xml
8/9/2020 - 14:46:34.806	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
8/9/2020 - 14:46:34.840	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml	WSMan.Format.ps1xml
8/9/2020 - 14:46:34.840	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml
8/9/2020 - 14:46:34.910	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	Certificate.format.ps1xml
8/9/2020 - 14:46:34.910	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
8/9/2020 - 14:46:34.910	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:34.910	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
8/9/2020 - 14:46:34.911	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	FileSystem.format.ps1xml
8/9/2020 - 14:46:34.911	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml
8/9/2020 - 14:46:34.945	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:34.945	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
8/9/2020 - 14:46:34.979	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:34.979	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:35.13	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml	PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:35.13	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml
8/9/2020 - 14:46:35.13	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml	Registry.format.ps1xml
8/9/2020 - 14:46:35.30	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:35.64	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:35.99	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:35.168	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\tzres.dll
8/9/2020 - 14:46:35.168	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\tzres.dll
8/9/2020 - 14:46:35.169	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\tzres.dll
8/9/2020 - 14:46:35.169	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\tzres.dll
8/9/2020 - 14:46:35.180	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.217	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.218	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.218	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.219	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:35.220	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.220	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.220	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.221	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.221	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.221	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.221	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.221	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.221	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.222	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	Diagnostics.Format.ps1xml
8/9/2020 - 14:46:35.222	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.256	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.257	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.257	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.258	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.258	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.259	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.260	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.262	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.262	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:35.268	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.302	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.479	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
8/9/2020 - 14:46:35.480	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml	WSMan.Format.ps1xml
8/9/2020 - 14:46:35.480	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml	WSMan.Format.ps1xml
8/9/2020 - 14:46:35.481	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml	WSMan.Format.ps1xml
8/9/2020 - 14:46:35.481	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml	WSMan.Format.ps1xml
8/9/2020 - 14:46:35.481	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml	WSMan.Format.ps1xml
8/9/2020 - 14:46:35.481	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml	WSMan.Format.ps1xml
8/9/2020 - 14:46:35.481	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml	WSMan.Format.ps1xml
8/9/2020 - 14:46:35.481	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml	WSMan.Format.ps1xml
8/9/2020 - 14:46:35.481	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml	WSMan.Format.ps1xml
8/9/2020 - 14:46:35.481	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
8/9/2020 - 14:46:35.482	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.Format.ps1xml	WSMan.Format.ps1xml
8/9/2020 - 14:46:35.546	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.582	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml
8/9/2020 - 14:46:35.582	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	Certificate.format.ps1xml
8/9/2020 - 14:46:35.582	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	Certificate.format.ps1xml
8/9/2020 - 14:46:35.583	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	Certificate.format.ps1xml
8/9/2020 - 14:46:35.583	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	Certificate.format.ps1xml
8/9/2020 - 14:46:35.583	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	Certificate.format.ps1xml
8/9/2020 - 14:46:35.583	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	Certificate.format.ps1xml
8/9/2020 - 14:46:35.583	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	Certificate.format.ps1xml
8/9/2020 - 14:46:35.583	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	Certificate.format.ps1xml
8/9/2020 - 14:46:35.583	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	Certificate.format.ps1xml
8/9/2020 - 14:46:35.583	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	Certificate.format.ps1xml
8/9/2020 - 14:46:35.583	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml
8/9/2020 - 14:46:35.583	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	Certificate.format.ps1xml
8/9/2020 - 14:46:35.770	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:35.828	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:35.872	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:35.990	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.991	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.991	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.993	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.993	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.993	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.993	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.993	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.994	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.994	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.994	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.994	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.994	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.994	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.994	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.994	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.995	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.995	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.995	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.995	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.995	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.995	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.996	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.996	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	DotNetTypes.format.ps1xml
8/9/2020 - 14:46:35.998	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:35.999	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:36.35	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:36.68	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:36.101	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:36.134	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll	System.Xml.ni.dll
8/9/2020 - 14:46:36.180	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
8/9/2020 - 14:46:36.181	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	FileSystem.format.ps1xml
8/9/2020 - 14:46:36.181	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	FileSystem.format.ps1xml
8/9/2020 - 14:46:36.181	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	FileSystem.format.ps1xml
8/9/2020 - 14:46:36.182	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	FileSystem.format.ps1xml
8/9/2020 - 14:46:36.182	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	FileSystem.format.ps1xml
8/9/2020 - 14:46:36.182	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	FileSystem.format.ps1xml
8/9/2020 - 14:46:36.182	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	FileSystem.format.ps1xml
8/9/2020 - 14:46:36.182	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	FileSystem.format.ps1xml
8/9/2020 - 14:46:36.182	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	FileSystem.format.ps1xml
8/9/2020 - 14:46:36.182	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
8/9/2020 - 14:46:36.182	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	FileSystem.format.ps1xml
8/9/2020 - 14:46:36.184	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml
8/9/2020 - 14:46:36.184	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.184	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.226	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.260	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.260	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.260	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.260	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.260	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.260	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.260	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.261	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.261	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.261	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.261	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.261	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.261	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.261	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.262	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.262	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.262	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.263	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.263	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.263	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.263	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.263	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.263	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.263	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.263	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.263	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.264	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.264	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.264	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.264	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.264	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.264	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.265	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.265	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.265	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.265	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.265	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.265	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.267	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.267	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.267	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.267	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.267	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.267	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.267	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.267	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.267	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.267	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.268	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.268	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.268	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.268	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.268	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.268	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml
8/9/2020 - 14:46:36.269	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	Help.format.ps1xml
8/9/2020 - 14:46:36.315	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:36.370	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.371	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.371	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.372	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.372	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.372	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.372	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.377	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.377	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.377	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.377	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.412	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.412	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.412	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.412	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.412	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.413	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.413	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.413	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.413	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.413	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.414	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.414	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.414	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.414	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.414	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.414	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.415	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	PowerShellCore.format.ps1xml
8/9/2020 - 14:46:36.430	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:36.431	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml	PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:36.431	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml	PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:36.432	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml	PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:36.432	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml	PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:36.432	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml	PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:36.432	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml	PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:36.433	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml	PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:36.433	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml	PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:36.433	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:36.433	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml	PowerShellTrace.format.ps1xml
8/9/2020 - 14:46:36.434	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml
8/9/2020 - 14:46:36.434	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml	Registry.format.ps1xml
8/9/2020 - 14:46:36.434	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml	Registry.format.ps1xml
8/9/2020 - 14:46:36.435	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml	Registry.format.ps1xml
8/9/2020 - 14:46:36.435	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml	Registry.format.ps1xml
8/9/2020 - 14:46:36.435	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml	Registry.format.ps1xml
8/9/2020 - 14:46:36.435	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml	Registry.format.ps1xml
8/9/2020 - 14:46:36.435	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml	Registry.format.ps1xml
8/9/2020 - 14:46:36.436	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml	Registry.format.ps1xml
8/9/2020 - 14:46:36.436	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml
8/9/2020 - 14:46:36.436	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml	Registry.format.ps1xml
8/9/2020 - 14:46:36.515	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:36.607	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll	Microsoft.WSMan.Management.dll
8/9/2020 - 14:46:36.687	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:36.747	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\Microsoft.WSMan.Management.resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:36.748	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:36.749	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:36.749	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:36.749	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll	Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:36.749	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:36.749	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll	Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:36.783	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll	Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:36.816	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll	Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:36.849	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll	Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:36.890	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:36.890	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:36.891	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:36.891	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:36.891	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll	Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:36.892	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:36.892	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll	Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:36.892	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll	Microsoft.WSMan.Management.resources.dll
8/9/2020 - 14:46:37.47	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.121	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.155	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.190	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.226	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.259	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.292	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.393	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.426	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.460	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.508	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.542	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.586	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:37.624	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\secur32.dll
8/9/2020 - 14:46:37.625	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\secur32.dll
8/9/2020 - 14:46:37.625	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\secur32.dll
8/9/2020 - 14:46:37.625	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\secur32.dll
8/9/2020 - 14:46:37.625	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\SSPICLI.DLL
8/9/2020 - 14:46:37.625	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\sspicli.dll
8/9/2020 - 14:46:37.626	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\sspicli.dll
8/9/2020 - 14:46:37.626	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:37.663	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:37.697	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:37.746	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:37.787	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:38.83	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:38.89	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:46:38.90	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot
8/9/2020 - 14:46:38.90	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:38.128	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:38.128	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:38.130	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.130	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.131	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.131	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.139	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.139	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.139	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.139	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.140	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.140	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.255	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:38.263	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dll	System.Transactions.ni.dll
8/9/2020 - 14:46:38.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:38.334	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll	System.Management.Automation.Resources.dll
8/9/2020 - 14:46:38.399	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\Microsoft.PowerShell.Security.resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:38.400	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:38.401	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:38.401	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
8/9/2020 - 14:46:38.401	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll	Microsoft.PowerShell.Security.Resources.dll
8/9/2020 - 14:46:38.401	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
8/9/2020 - 14:46:38.402	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll	Microsoft.PowerShell.Security.Resources.dll
8/9/2020 - 14:46:38.402	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll	Microsoft.PowerShell.Security.Resources.dll
8/9/2020 - 14:46:38.403	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll	Microsoft.PowerShell.Security.Resources.dll
8/9/2020 - 14:46:38.403	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:38.404	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
8/9/2020 - 14:46:38.404	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
8/9/2020 - 14:46:38.404	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
8/9/2020 - 14:46:38.404	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll	Microsoft.PowerShell.Security.Resources.dll
8/9/2020 - 14:46:38.404	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
8/9/2020 - 14:46:38.405	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll	Microsoft.PowerShell.Security.Resources.dll
8/9/2020 - 14:46:38.405	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll	Microsoft.PowerShell.Security.Resources.dll
8/9/2020 - 14:46:38.736	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:38.769	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:38.864	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:38.864	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:38.864	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:38.865	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:38.932	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.932	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.932	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.932	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\
8/9/2020 - 14:46:38.932	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:38.932	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:38.933	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:38.933	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:38.934	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:38.934	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:38.934	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:38.935	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:38.935	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:39.19	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:39.19	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:39.83	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:39.84	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:39.85	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:39.86	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:39.348	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:39.447	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:39.554	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:39.602	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:39.655	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:39.692	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:39.726	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d56182df8af7a981e8c272549c931fa5\System.DirectoryServices.ni.dll	System.DirectoryServices.ni.dll
8/9/2020 - 14:46:39.810	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:40.153	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:40.189	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll
8/9/2020 - 14:46:40.256	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.256	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll
8/9/2020 - 14:46:40.256	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.297	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.331	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.364	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.398	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.431	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.465	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.499	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.533	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.573	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.607	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.640	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.673	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.709	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.778	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089
8/9/2020 - 14:46:40.885	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089
8/9/2020 - 14:46:40.885	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.922	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.956	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:40.989	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.22	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.55	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.88	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
8/9/2020 - 14:46:41.122	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.122	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
8/9/2020 - 14:46:41.122	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.155	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.188	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.221	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.255	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.290	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.323	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
8/9/2020 - 14:46:41.331	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.331	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.331	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.332	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local
8/9/2020 - 14:46:41.333	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:41.333	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:41.333	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:41.334	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.335	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.335	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.371	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.372	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.372	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.406	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.406	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.440	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.440	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.441	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.441	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.442	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.442	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll	System.Data.dll
8/9/2020 - 14:46:41.443	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.444	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.444	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.445	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.446	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.446	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.451	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.451	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.505	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:41.540	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:41.582	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:41.615	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:41.652	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:41.685	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:41.930	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:41.965	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.35	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.93	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.149	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.187	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.220	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.253	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.287	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.321	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.360	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.394	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.428	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.462	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.496	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.529	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.562	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.596	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.629	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.663	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.696	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.729	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.762	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.795	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.830	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.866	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.902	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.936	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:42.994	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:43.31	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:43.244	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1
8/9/2020 - 14:46:43.245	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1
8/9/2020 - 14:46:43.245	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\Documents\WindowsPowerShell\profile.ps1
8/9/2020 - 14:46:43.245	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
8/9/2020 - 14:46:43.564	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:43.565	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:43.761	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll	Microsoft.PowerShell.Commands.Utility.dll
8/9/2020 - 14:46:43.932	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:44.32	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:44.66	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:44.172	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:44.249	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:44.282	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:44.317	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:44.350	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:44.383	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:44.737	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:44.795	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Globalization\en-us.nlp
8/9/2020 - 14:46:44.796	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
8/9/2020 - 14:46:44.796	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
8/9/2020 - 14:46:44.879	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
8/9/2020 - 14:46:44.879	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
8/9/2020 - 14:46:44.950	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
8/9/2020 - 14:46:44.950	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
8/9/2020 - 14:46:44.951	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
8/9/2020 - 14:46:44.984	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
8/9/2020 - 14:46:45.17	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
8/9/2020 - 14:46:45.51	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
8/9/2020 - 14:46:45.85	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
8/9/2020 - 14:46:45.119	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
8/9/2020 - 14:46:45.120	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
8/9/2020 - 14:46:45.120	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
8/9/2020 - 14:46:45.122	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
8/9/2020 - 14:46:45.125	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
8/9/2020 - 14:46:45.125	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
8/9/2020 - 14:46:45.127	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
8/9/2020 - 14:46:45.127	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
8/9/2020 - 14:46:45.128	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
8/9/2020 - 14:46:45.441	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:45.499	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:45.533	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:45.610	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:45.657	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:45.802	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:45.837	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:45.875	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:45.911	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:45.979	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:46.21	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:46.54	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:46.87	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:46.122	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:46.165	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:46.199	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:46.233	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:46.266	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:46.309	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:46.535	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	System.Management.Automation.dll
8/9/2020 - 14:46:46.571	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll	Microsoft.PowerShell.Commands.Management.dll
8/9/2020 - 14:46:46.638	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:46.681	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:46.715	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:46.750	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:46.806	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:46.840	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:46.878	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:46.920	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:46.955	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:46.989	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:47.56	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:47.90	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:47.124	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:47.230	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\RpcRtRemote.dll
8/9/2020 - 14:46:47.231	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\RpcRtRemote.dll
8/9/2020 - 14:46:47.231	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\RpcRtRemote.dll	RpcRtRemote.dll
8/9/2020 - 14:46:47.231	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\RpcRtRemote.dll
8/9/2020 - 14:46:47.232	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\RpcRtRemote.dll	RpcRtRemote.dll
8/9/2020 - 14:46:47.269	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:47.303	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
8/9/2020 - 14:46:47.304	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
8/9/2020 - 14:46:47.305	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
8/9/2020 - 14:46:47.305	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
8/9/2020 - 14:46:47.305	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
8/9/2020 - 14:46:47.340	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
8/9/2020 - 14:46:47.341	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
8/9/2020 - 14:46:47.349	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
8/9/2020 - 14:46:47.349	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
8/9/2020 - 14:46:47.350	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Local
8/9/2020 - 14:46:47.350	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:47.350	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:47.350	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:47.351	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
8/9/2020 - 14:46:47.481	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:47.552	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:47.596	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\wmiutils.dll
8/9/2020 - 14:46:47.596	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\wmiutils.dll
8/9/2020 - 14:46:47.597	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\wbemcomn.dll
8/9/2020 - 14:46:47.597	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbemcomn.dll
8/9/2020 - 14:46:47.597	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbemcomn.dll
8/9/2020 - 14:46:47.598	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\Logs
8/9/2020 - 14:46:47.599	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\Logs
8/9/2020 - 14:46:47.601	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\wbemprox.dll
8/9/2020 - 14:46:47.601	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\wbemprox.dll
8/9/2020 - 14:46:47.637	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:47.671	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
8/9/2020 - 14:46:47.708	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\nlaapi.dll
8/9/2020 - 14:46:47.708	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\nlaapi.dll
8/9/2020 - 14:46:47.708	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\NapiNSP.dll
8/9/2020 - 14:46:47.708	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\NapiNSP.dll
8/9/2020 - 14:46:47.777	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\pnrpnsp.dll
8/9/2020 - 14:46:47.778	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\pnrpnsp.dll
8/9/2020 - 14:46:47.846	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\mswsock.dll
8/9/2020 - 14:46:47.847	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\mswsock.dll
8/9/2020 - 14:46:47.847	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\DNSAPI.dll
8/9/2020 - 14:46:47.848	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\dnsapi.dll
8/9/2020 - 14:46:47.848	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\dnsapi.dll
8/9/2020 - 14:46:47.849	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\winrnr.dll
8/9/2020 - 14:46:47.849	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\winrnr.dll
8/9/2020 - 14:46:47.951	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\IPHLPAPI.DLL
8/9/2020 - 14:46:47.951	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\IPHLPAPI.DLL
8/9/2020 - 14:46:47.952	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\IPHLPAPI.DLL
8/9/2020 - 14:46:47.952	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\WINNSI.DLL
8/9/2020 - 14:46:47.952	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\winnsi.dll
8/9/2020 - 14:46:47.953	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\winnsi.dll
8/9/2020 - 14:46:47.991	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\FWPUCLNT.DLL
8/9/2020 - 14:46:47.992	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\FWPUCLNT.DLL
8/9/2020 - 14:46:48.61	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\rasadhlp.dll
8/9/2020 - 14:46:48.61	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rasadhlp.dll
8/9/2020 - 14:46:48.62	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\rasadhlp.dll
8/9/2020 - 14:46:48.238	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\wbemsvc.dll
8/9/2020 - 14:46:48.238	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\wbemsvc.dll
8/9/2020 - 14:46:48.275	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\fastprox.dll
8/9/2020 - 14:46:48.276	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\fastprox.dll
8/9/2020 - 14:46:48.276	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\NTDSAPI.dll
8/9/2020 - 14:46:48.277	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\ntdsapi.dll
8/9/2020 - 14:46:48.277	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\ntdsapi.dll
8/9/2020 - 14:46:48.572	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:50.302	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:50.307	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:50.518	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:50.589	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\pt-BR\wmiutils.dll.mui
8/9/2020 - 14:46:50.590	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\system32\wbem\pt\wmiutils.dll.mui
8/9/2020 - 14:46:50.590	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\en-US\wmiutils.dll.mui
8/9/2020 - 14:46:50.625	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\wbem\en-US\wmiutils.dll.mui	wmiutils.dll.mui
8/9/2020 - 14:46:51.2	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:51.84	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:51.118	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:51.151	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dll	System.Management.ni.dll
8/9/2020 - 14:46:51.720	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:51.762	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll	System.ni.dll
8/9/2020 - 14:46:51.797	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll	mscorlib.ni.dll
8/9/2020 - 14:46:53.540	Read	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll	System.Data.ni.dll
8/9/2020 - 14:46:53.616	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.804.1122156
8/9/2020 - 14:46:53.617	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.804.1122156
8/9/2020 - 14:46:53.617	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.804.1122156
8/9/2020 - 14:46:53.619	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\netutils.dll
8/9/2020 - 14:46:53.619	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\netutils.dll
8/9/2020 - 14:46:53.619	Open	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\netutils.dll
8/9/2020 - 14:46:53.627	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Monitor
8/9/2020 - 14:46:53.627	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui	powershell.exe.mui
8/9/2020 - 14:46:53.627	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
8/9/2020 - 14:46:53.627	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8
8/9/2020 - 14:46:53.628	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:53.628	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:53.628	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\System32\pt-BR\KernelBase.dll.mui	KernelBase.dll.mui
8/9/2020 - 14:46:53.628	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:53.629	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:53.629	Unknown	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
8/9/2020 - 14:46:53.656	Open	1488	C:\Monitor\proc.exe	C:\
8/9/2020 - 14:46:53.657	Unknown	1488	C:\Monitor\proc.exe	C:\
8/9/2020 - 14:46:53.657	Open	1488	C:\Monitor\proc.exe	C:\
8/9/2020 - 14:46:53.657	Unknown	1488	C:\Monitor\proc.exe	C:\
8/9/2020 - 14:46:53.657	Open	1488	C:\Monitor\proc.exe	C:\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.658	Write	1488	C:\Monitor\proc.exe	C:\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.658	Unknown	1488	C:\Monitor\proc.exe	C:\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.658	Open	1488	C:\Monitor\proc.exe	C:\
8/9/2020 - 14:46:53.658	Open	1488	C:\Monitor\proc.exe	C:\Monitor
8/9/2020 - 14:46:53.658	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor
8/9/2020 - 14:46:53.658	Open	1488	C:\Monitor\proc.exe	C:\Monitor
8/9/2020 - 14:46:53.659	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor
8/9/2020 - 14:46:53.659	Open	1488	C:\Monitor\proc.exe	C:\Monitor\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.660	Write	1488	C:\Monitor\proc.exe	C:\Monitor\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.660	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.660	Open	1488	C:\Monitor\proc.exe	C:\Program Files
8/9/2020 - 14:46:53.660	Unknown	1488	C:\Monitor\proc.exe	C:\Program Files
8/9/2020 - 14:46:53.660	Open	1488	C:\Monitor\proc.exe	C:\Program Files
8/9/2020 - 14:46:53.661	Unknown	1488	C:\Monitor\proc.exe	C:\Program Files
8/9/2020 - 14:46:53.661	Open	1488	C:\Monitor\proc.exe	C:\Program Files\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.661	Write	1488	C:\Monitor\proc.exe	C:\Program Files\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.662	Unknown	1488	C:\Monitor\proc.exe	C:\Program Files\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.662	Open	1488	C:\Monitor\proc.exe	C:\Program Files (x86)
8/9/2020 - 14:46:53.662	Unknown	1488	C:\Monitor\proc.exe	C:\Program Files (x86)
8/9/2020 - 14:46:53.662	Open	1488	C:\Monitor\proc.exe	C:\Program Files (x86)
8/9/2020 - 14:46:53.662	Unknown	1488	C:\Monitor\proc.exe	C:\Program Files (x86)
8/9/2020 - 14:46:53.662	Open	1488	C:\Monitor\proc.exe	C:\Program Files (x86)\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.663	Write	1488	C:\Monitor\proc.exe	C:\Program Files (x86)\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.663	Unknown	1488	C:\Monitor\proc.exe	C:\Program Files (x86)\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.663	Open	1488	C:\Monitor\proc.exe	C:\Recovery
8/9/2020 - 14:46:53.663	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery
8/9/2020 - 14:46:53.663	Open	1488	C:\Monitor\proc.exe	C:\Recovery
8/9/2020 - 14:46:53.664	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery
8/9/2020 - 14:46:53.664	Open	1488	C:\Monitor\proc.exe	C:\Recovery\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.664	Write	1488	C:\Monitor\proc.exe	C:\Recovery\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.664	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.664	Open	1488	C:\Monitor\proc.exe	C:\Users
8/9/2020 - 14:46:53.685	Unknown	1488	C:\Monitor\proc.exe	C:\Users
8/9/2020 - 14:46:53.685	Open	1488	C:\Monitor\proc.exe	C:\Users
8/9/2020 - 14:46:53.687	Unknown	1488	C:\Monitor\proc.exe	C:\Users
8/9/2020 - 14:46:53.687	Open	1488	C:\Monitor\proc.exe	C:\Users\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.687	Write	1488	C:\Monitor\proc.exe	C:\Users\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.688	Unknown	1488	C:\Monitor\proc.exe	C:\Users\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.688	Unknown	1488	C:\Monitor\proc.exe	C:\
8/9/2020 - 14:46:53.688	Open	1488	C:\Monitor\proc.exe	C:\Monitor
8/9/2020 - 14:46:53.689	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Files
8/9/2020 - 14:46:53.689	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Files
8/9/2020 - 14:46:53.689	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Files
8/9/2020 - 14:46:53.690	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Files
8/9/2020 - 14:46:53.690	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Files\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.690	Write	1488	C:\Monitor\proc.exe	C:\Monitor\Files\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.691	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Files\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.691	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Malware
8/9/2020 - 14:46:53.691	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Malware
8/9/2020 - 14:46:53.691	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Malware
8/9/2020 - 14:46:53.693	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Malware
8/9/2020 - 14:46:53.693	Open	1488	C:\Monitor\proc.exe	C:\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.694	Write	1488	C:\Monitor\proc.exe	C:\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.694	Unknown	1488	C:\Monitor\proc.exe	C:\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.694	Open	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:46:53.694	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:46:53.694	Open	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:46:53.702	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:46:53.703	Open	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.711	Write	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.711	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.711	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor
8/9/2020 - 14:46:53.711	Open	1488	C:\Monitor\proc.exe	C:\Program Files
8/9/2020 - 14:46:53.711	Unknown	1488	C:\Monitor\proc.exe	C:\Program Files
8/9/2020 - 14:46:53.711	Open	1488	C:\Monitor\proc.exe	C:\Program Files (x86)
8/9/2020 - 14:46:53.712	Unknown	1488	C:\Monitor\proc.exe	C:\Program Files (x86)
8/9/2020 - 14:46:53.712	Open	1488	C:\Monitor\proc.exe	C:\Recovery
8/9/2020 - 14:46:53.712	Open	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
8/9/2020 - 14:46:53.712	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
8/9/2020 - 14:46:53.712	Open	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
8/9/2020 - 14:46:53.712	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
8/9/2020 - 14:46:53.712	Open	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.712	Write	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.713	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.713	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery
8/9/2020 - 14:46:53.713	Open	1488	C:\Monitor\proc.exe	C:\Users
8/9/2020 - 14:46:53.713	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot
8/9/2020 - 14:46:53.713	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot
8/9/2020 - 14:46:53.713	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot
8/9/2020 - 14:46:53.713	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot
8/9/2020 - 14:46:53.713	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.714	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.714	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.714	Open	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:46:53.714	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:46:53.714	Open	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:46:53.714	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:46:53.714	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.716	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.716	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.716	Open	1488	C:\Monitor\proc.exe	C:\Users\Public
8/9/2020 - 14:46:53.716	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public
8/9/2020 - 14:46:53.716	Open	1488	C:\Monitor\proc.exe	C:\Users\Public
8/9/2020 - 14:46:53.717	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public
8/9/2020 - 14:46:53.717	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.717	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.717	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.717	Unknown	1488	C:\Monitor\proc.exe	C:\Users
8/9/2020 - 14:46:53.717	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Files
8/9/2020 - 14:46:53.717	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Files\DeletedFiles
8/9/2020 - 14:46:53.717	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Files\DeletedFiles
8/9/2020 - 14:46:53.718	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Files\DeletedFiles
8/9/2020 - 14:46:53.718	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Files\DeletedFiles
8/9/2020 - 14:46:53.718	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Files\DeletedFiles\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.719	Write	1488	C:\Monitor\proc.exe	C:\Monitor\Files\DeletedFiles\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.719	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Files\DeletedFiles\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.719	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Files\Logs
8/9/2020 - 14:46:53.719	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Files\Logs
8/9/2020 - 14:46:53.719	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Files\Logs
8/9/2020 - 14:46:53.719	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Files\Logs
8/9/2020 - 14:46:53.719	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Files\Logs\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.719	Write	1488	C:\Monitor\proc.exe	C:\Monitor\Files\Logs\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.720	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Files\Logs\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.720	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Files
8/9/2020 - 14:46:53.720	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Malware
8/9/2020 - 14:46:53.720	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Malware
8/9/2020 - 14:46:53.720	Open	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:46:53.720	Open	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
8/9/2020 - 14:46:53.720	Read	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:46:53.720	Read	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:46:53.727	Open	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
8/9/2020 - 14:46:53.729	Open	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
8/9/2020 - 14:46:53.729	Read	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:46:53.730	Open	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
8/9/2020 - 14:46:53.732	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:46:53.732	Open	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
8/9/2020 - 14:46:53.732	Open	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
8/9/2020 - 14:46:53.732	Read	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
8/9/2020 - 14:46:53.733	Read	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
8/9/2020 - 14:46:53.733	Open	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
8/9/2020 - 14:46:53.735	Open	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
8/9/2020 - 14:46:53.736	Read	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
8/9/2020 - 14:46:53.736	Read	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
8/9/2020 - 14:46:53.737	Open	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
8/9/2020 - 14:46:53.739	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
8/9/2020 - 14:46:53.739	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot
8/9/2020 - 14:46:53.739	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts
8/9/2020 - 14:46:53.739	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts
8/9/2020 - 14:46:53.739	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts
8/9/2020 - 14:46:53.739	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts
8/9/2020 - 14:46:53.739	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.740	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.740	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.740	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Desktop
8/9/2020 - 14:46:53.740	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Desktop
8/9/2020 - 14:46:53.740	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Desktop
8/9/2020 - 14:46:53.740	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Desktop
8/9/2020 - 14:46:53.740	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Desktop\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.789	Read	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:46:53.790	Read	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:46:53.791	Read	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
8/9/2020 - 14:46:53.791	Read	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
8/9/2020 - 14:46:53.792	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.795	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.795	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Documents
8/9/2020 - 14:46:53.796	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Documents
8/9/2020 - 14:46:53.796	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Documents
8/9/2020 - 14:46:53.798	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Documents
8/9/2020 - 14:46:53.799	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Documents\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.837	Read	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
8/9/2020 - 14:46:53.837	Read	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
8/9/2020 - 14:46:53.838	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.838	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.838	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads
8/9/2020 - 14:46:53.839	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads
8/9/2020 - 14:46:53.839	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads
8/9/2020 - 14:46:53.839	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads
8/9/2020 - 14:46:53.839	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.876	Write	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:46:53.876	Write	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:46:53.888	Write	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
8/9/2020 - 14:46:53.898	Write	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
8/9/2020 - 14:46:53.899	Write	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:46:53.899	Write	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:46:53.899	Write	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
8/9/2020 - 14:46:53.899	Write	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
8/9/2020 - 14:46:53.899	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:46:53.899	Open	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
8/9/2020 - 14:46:53.900	Open	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:46:53.900	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:46:53.900	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:46:53.900	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
8/9/2020 - 14:46:53.901	Open	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
8/9/2020 - 14:46:53.901	Open	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
8/9/2020 - 14:46:53.901	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
8/9/2020 - 14:46:53.901	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
8/9/2020 - 14:46:53.938	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.938	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.938	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites
8/9/2020 - 14:46:53.938	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites
8/9/2020 - 14:46:53.939	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites
8/9/2020 - 14:46:53.939	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites
8/9/2020 - 14:46:53.939	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.986	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:46:53.986	Open	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
8/9/2020 - 14:46:53.986	Open	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:46:53.987	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:46:53.987	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:46:53.987	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
8/9/2020 - 14:46:53.987	Open	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
8/9/2020 - 14:46:53.987	Open	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
8/9/2020 - 14:46:53.989	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
8/9/2020 - 14:46:53.989	Unknown	1488	C:\Monitor\proc.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
8/9/2020 - 14:46:53.995	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.995	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:53.995	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Links
8/9/2020 - 14:46:53.996	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Links
8/9/2020 - 14:46:53.996	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Links
8/9/2020 - 14:46:53.996	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Links
8/9/2020 - 14:46:53.996	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Links\2x93mlc4s-readme.txt
8/9/2020 - 14:46:54.36	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:54.37	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:54.37	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Music
8/9/2020 - 14:46:54.37	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Music
8/9/2020 - 14:46:54.37	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Music
8/9/2020 - 14:46:54.37	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Music
8/9/2020 - 14:46:54.37	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Music\2x93mlc4s-readme.txt
8/9/2020 - 14:46:54.73	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:54.73	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:46:54.73	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:54.74	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:54.75	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\uxtheme.dll
8/9/2020 - 14:46:54.75	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\uxtheme.dll
8/9/2020 - 14:46:54.180	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\bcryptprimitives.dll
8/9/2020 - 14:46:54.180	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\bcryptprimitives.dll	bcryptprimitives.dll
8/9/2020 - 14:46:54.181	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\bcryptprimitives.dll
8/9/2020 - 14:46:54.182	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\bcryptprimitives.dll	bcryptprimitives.dll
8/9/2020 - 14:46:54.190	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:54.191	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:54.191	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:54.247	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:55.266	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:55.269	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:55.269	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:55.269	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:55.392	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:56.432	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:56.435	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:56.436	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:56.436	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:56.504	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:57.522	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:57.523	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:46:57.523	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:46:57.528	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:57.529	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:57.529	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:57.618	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:57.619	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:46:57.619	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:46:57.680	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:46:58.706	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:46:58.711	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:58.711	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:58.712	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:58.723	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:58.723	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:46:58.723	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:46:58.732	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:46:59.734	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:46:59.744	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:59.745	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:59.745	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:59.786	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:46:59.787	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:46:59.787	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:46:59.830	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:0.833	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:0.833	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:0.833	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:0.837	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:0.837	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:0.837	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:0.889	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:0.889	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:0.889	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:0.934	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:0.934	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:0.934	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:0.975	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:1.996	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:2.0	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:2.0	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:2.0	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:2.41	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:2.41	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:2.41	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:2.82	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:2.82	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:2.83	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:2.123	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:3.148	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:3.152	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:3.152	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:3.152	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:3.195	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:3.196	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:3.196	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:3.236	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:3.237	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:3.237	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:3.278	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:4.311	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:4.311	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:4.312	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:4.315	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:4.315	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:4.315	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:4.356	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:4.356	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:4.357	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:4.397	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:4.397	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:4.398	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:4.438	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:4.438	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:4.439	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:4.514	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:5.518	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:5.521	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:5.522	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:5.522	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:5.570	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:5.571	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:5.572	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:5.614	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:5.615	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:5.615	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:5.657	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:5.690	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:5.690	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:5.731	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:6.760	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:6.767	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:6.767	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:6.767	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:6.818	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:6.818	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:6.818	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:6.954	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:6.954	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:6.955	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:7.0	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:7.0	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:7.0	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:7.42	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:8.75	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:8.76	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Pictures
8/9/2020 - 14:47:8.77	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Pictures
8/9/2020 - 14:47:8.77	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Pictures
8/9/2020 - 14:47:8.78	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Pictures
8/9/2020 - 14:47:8.78	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Pictures\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.79	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.80	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.80	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Saved Games
8/9/2020 - 14:47:8.81	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Saved Games
8/9/2020 - 14:47:8.81	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Saved Games
8/9/2020 - 14:47:8.81	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Saved Games
8/9/2020 - 14:47:8.81	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Saved Games\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.82	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Saved Games\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.83	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Saved Games\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.83	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches
8/9/2020 - 14:47:8.83	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches
8/9/2020 - 14:47:8.83	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches
8/9/2020 - 14:47:8.83	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches
8/9/2020 - 14:47:8.83	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.120	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.121	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.121	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Videos
8/9/2020 - 14:47:8.122	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Videos
8/9/2020 - 14:47:8.123	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Videos
8/9/2020 - 14:47:8.124	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Videos
8/9/2020 - 14:47:8.124	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Videos\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.124	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.125	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.125	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot
8/9/2020 - 14:47:8.125	Open	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:47:8.125	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Desktop
8/9/2020 - 14:47:8.125	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Desktop
8/9/2020 - 14:47:8.125	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Desktop
8/9/2020 - 14:47:8.126	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Desktop
8/9/2020 - 14:47:8.126	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Desktop\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.170	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.171	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.171	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Documents
8/9/2020 - 14:47:8.172	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Documents
8/9/2020 - 14:47:8.172	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Documents
8/9/2020 - 14:47:8.173	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Documents
8/9/2020 - 14:47:8.173	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\Documents
8/9/2020 - 14:47:8.173	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Documents\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.208	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.208	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.208	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Downloads
8/9/2020 - 14:47:8.209	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Downloads
8/9/2020 - 14:47:8.209	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Downloads
8/9/2020 - 14:47:8.209	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Downloads
8/9/2020 - 14:47:8.209	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Downloads\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.210	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.210	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.211	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Favorites
8/9/2020 - 14:47:8.246	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Favorites
8/9/2020 - 14:47:8.247	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Favorites
8/9/2020 - 14:47:8.247	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Favorites
8/9/2020 - 14:47:8.247	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Favorites\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.248	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.248	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.248	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Links
8/9/2020 - 14:47:8.249	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Links
8/9/2020 - 14:47:8.249	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Links
8/9/2020 - 14:47:8.250	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Links
8/9/2020 - 14:47:8.250	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Links\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.285	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.286	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.286	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Music
8/9/2020 - 14:47:8.287	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Music
8/9/2020 - 14:47:8.287	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Music
8/9/2020 - 14:47:8.287	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Music
8/9/2020 - 14:47:8.287	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Music\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.288	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.288	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.289	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT.LOG1
8/9/2020 - 14:47:8.289	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT.LOG1	NTUSER.DAT.LOG1
8/9/2020 - 14:47:8.289	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT.LOG1	NTUSER.DAT.LOG1
8/9/2020 - 14:47:8.290	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT.LOG1
8/9/2020 - 14:47:8.291	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:8.291	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:8.291	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:8.292	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:8.294	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:8.294	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:8.295	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:8.295	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:8.331	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT.LOG1	NTUSER.DAT.LOG1
8/9/2020 - 14:47:8.331	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT.LOG1	NTUSER.DAT.LOG1
8/9/2020 - 14:47:8.333	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:8.333	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:8.333	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:8.333	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:8.335	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Pictures
8/9/2020 - 14:47:8.336	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Pictures
8/9/2020 - 14:47:8.336	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Pictures
8/9/2020 - 14:47:8.336	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Pictures
8/9/2020 - 14:47:8.336	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Pictures\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.337	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.337	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.337	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Saved Games
8/9/2020 - 14:47:8.337	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Saved Games
8/9/2020 - 14:47:8.337	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Saved Games
8/9/2020 - 14:47:8.338	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Saved Games
8/9/2020 - 14:47:8.338	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Saved Games\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.338	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Saved Games\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.338	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Saved Games\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.339	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Videos
8/9/2020 - 14:47:8.339	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Videos
8/9/2020 - 14:47:8.339	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Videos
8/9/2020 - 14:47:8.339	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Videos
8/9/2020 - 14:47:8.339	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Videos\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.341	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.341	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.341	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:47:8.342	Open	1488	C:\Monitor\proc.exe	C:\Users\Public
8/9/2020 - 14:47:8.342	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Desktop
8/9/2020 - 14:47:8.342	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Desktop
8/9/2020 - 14:47:8.342	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Desktop
8/9/2020 - 14:47:8.343	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Desktop
8/9/2020 - 14:47:8.343	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Desktop\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.344	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.345	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.345	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Documents
8/9/2020 - 14:47:8.345	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Documents
8/9/2020 - 14:47:8.345	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Documents
8/9/2020 - 14:47:8.346	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Documents
8/9/2020 - 14:47:8.346	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Documents\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.346	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.346	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.347	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Downloads
8/9/2020 - 14:47:8.347	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Downloads
8/9/2020 - 14:47:8.347	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Downloads
8/9/2020 - 14:47:8.348	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Downloads
8/9/2020 - 14:47:8.348	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Downloads\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.348	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.348	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.348	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Favorites
8/9/2020 - 14:47:8.349	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Favorites
8/9/2020 - 14:47:8.349	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Favorites
8/9/2020 - 14:47:8.349	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Favorites
8/9/2020 - 14:47:8.349	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Favorites\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.352	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.352	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.352	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries
8/9/2020 - 14:47:8.353	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries
8/9/2020 - 14:47:8.353	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries
8/9/2020 - 14:47:8.353	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries
8/9/2020 - 14:47:8.353	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.353	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.354	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.354	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music
8/9/2020 - 14:47:8.354	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music
8/9/2020 - 14:47:8.354	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music
8/9/2020 - 14:47:8.354	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music
8/9/2020 - 14:47:8.355	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.355	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.355	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.355	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures
8/9/2020 - 14:47:8.356	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures
8/9/2020 - 14:47:8.356	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures
8/9/2020 - 14:47:8.356	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures
8/9/2020 - 14:47:8.356	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.356	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.357	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.357	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV
8/9/2020 - 14:47:8.357	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV
8/9/2020 - 14:47:8.357	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV
8/9/2020 - 14:47:8.358	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV
8/9/2020 - 14:47:8.358	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.360	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.360	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.361	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos
8/9/2020 - 14:47:8.361	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos
8/9/2020 - 14:47:8.361	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos
8/9/2020 - 14:47:8.361	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos
8/9/2020 - 14:47:8.361	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.362	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.362	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.362	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public
8/9/2020 - 14:47:8.362	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Files\DeletedFiles
8/9/2020 - 14:47:8.363	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Files\DeletedFiles
8/9/2020 - 14:47:8.363	Open	1488	C:\Monitor\proc.exe	C:\Monitor\Files\Logs
8/9/2020 - 14:47:8.363	Unknown	1488	C:\Monitor\proc.exe	C:\Monitor\Files\Logs
8/9/2020 - 14:47:8.363	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts
8/9/2020 - 14:47:8.363	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\Behemot.contact
8/9/2020 - 14:47:8.364	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
8/9/2020 - 14:47:8.364	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
8/9/2020 - 14:47:8.365	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\Behemot.contact
8/9/2020 - 14:47:8.367	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts
8/9/2020 - 14:47:8.367	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Desktop
8/9/2020 - 14:47:8.367	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Desktop
8/9/2020 - 14:47:8.367	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Documents
8/9/2020 - 14:47:8.368	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Documents
8/9/2020 - 14:47:8.368	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads
8/9/2020 - 14:47:8.368	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor
8/9/2020 - 14:47:8.368	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor
8/9/2020 - 14:47:8.368	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor
8/9/2020 - 14:47:8.369	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor
8/9/2020 - 14:47:8.369	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.369	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.369	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.370	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor.zip
8/9/2020 - 14:47:8.370	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor.zip
8/9/2020 - 14:47:8.370	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor.zip
8/9/2020 - 14:47:8.415	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:8.415	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:8.417	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads
8/9/2020 - 14:47:8.417	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites
8/9/2020 - 14:47:8.417	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links
8/9/2020 - 14:47:8.419	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links
8/9/2020 - 14:47:8.419	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links
8/9/2020 - 14:47:8.420	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links
8/9/2020 - 14:47:8.420	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.459	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT.LOG1	NTUSER.DAT.LOG1
8/9/2020 - 14:47:8.460	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:8.460	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:8.461	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.462	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.462	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:47:8.463	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:47:8.463	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:47:8.463	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:47:8.463	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.464	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.465	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.465	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites
8/9/2020 - 14:47:8.465	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Links
8/9/2020 - 14:47:8.465	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Links
8/9/2020 - 14:47:8.466	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Music
8/9/2020 - 14:47:8.466	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Music
8/9/2020 - 14:47:8.466	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Pictures
8/9/2020 - 14:47:8.466	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Pictures
8/9/2020 - 14:47:8.466	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Saved Games
8/9/2020 - 14:47:8.466	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Saved Games
8/9/2020 - 14:47:8.467	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches
8/9/2020 - 14:47:8.467	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms
8/9/2020 - 14:47:8.467	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
8/9/2020 - 14:47:8.467	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
8/9/2020 - 14:47:8.467	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms
8/9/2020 - 14:47:8.468	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms
8/9/2020 - 14:47:8.468	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
8/9/2020 - 14:47:8.468	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms
8/9/2020 - 14:47:8.469	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
8/9/2020 - 14:47:8.469	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms
8/9/2020 - 14:47:8.469	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
8/9/2020 - 14:47:8.469	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms
8/9/2020 - 14:47:8.469	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
8/9/2020 - 14:47:8.470	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
8/9/2020 - 14:47:8.470	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms
8/9/2020 - 14:47:8.472	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms
8/9/2020 - 14:47:8.472	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
8/9/2020 - 14:47:8.472	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms
8/9/2020 - 14:47:8.472	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms
8/9/2020 - 14:47:8.473	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
8/9/2020 - 14:47:8.473	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms
8/9/2020 - 14:47:8.473	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
8/9/2020 - 14:47:8.473	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms
8/9/2020 - 14:47:8.474	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
8/9/2020 - 14:47:8.474	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms
8/9/2020 - 14:47:8.474	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
8/9/2020 - 14:47:8.474	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
8/9/2020 - 14:47:8.474	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms
8/9/2020 - 14:47:8.476	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches
8/9/2020 - 14:47:8.476	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Videos
8/9/2020 - 14:47:8.477	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Videos
8/9/2020 - 14:47:8.477	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Desktop
8/9/2020 - 14:47:8.477	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Desktop
8/9/2020 - 14:47:8.477	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Documents
8/9/2020 - 14:47:8.478	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Documents
8/9/2020 - 14:47:8.478	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Downloads
8/9/2020 - 14:47:8.478	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Downloads
8/9/2020 - 14:47:8.478	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Favorites
8/9/2020 - 14:47:8.478	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Favorites
8/9/2020 - 14:47:8.478	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Links
8/9/2020 - 14:47:8.479	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Links
8/9/2020 - 14:47:8.479	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Music
8/9/2020 - 14:47:8.479	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Music
8/9/2020 - 14:47:8.479	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Pictures
8/9/2020 - 14:47:8.479	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Pictures
8/9/2020 - 14:47:8.479	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Saved Games
8/9/2020 - 14:47:8.480	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Saved Games
8/9/2020 - 14:47:8.480	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\Videos
8/9/2020 - 14:47:8.480	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\Videos
8/9/2020 - 14:47:8.480	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Desktop
8/9/2020 - 14:47:8.480	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Desktop
8/9/2020 - 14:47:8.480	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Documents
8/9/2020 - 14:47:8.481	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Documents
8/9/2020 - 14:47:8.481	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Downloads
8/9/2020 - 14:47:8.481	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Downloads
8/9/2020 - 14:47:8.481	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Favorites
8/9/2020 - 14:47:8.481	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Favorites
8/9/2020 - 14:47:8.481	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries
8/9/2020 - 14:47:8.482	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\RecordedTV.library-ms
8/9/2020 - 14:47:8.482	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
8/9/2020 - 14:47:8.482	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
8/9/2020 - 14:47:8.483	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\RecordedTV.library-ms
8/9/2020 - 14:47:8.485	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries
8/9/2020 - 14:47:8.485	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music
8/9/2020 - 14:47:8.485	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music
8/9/2020 - 14:47:8.485	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music
8/9/2020 - 14:47:8.486	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music
8/9/2020 - 14:47:8.486	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music
8/9/2020 - 14:47:8.486	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.486	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.487	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.487	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music
8/9/2020 - 14:47:8.487	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures
8/9/2020 - 14:47:8.487	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:8.487	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:8.488	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:8.488	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:8.488	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.488	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.489	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.489	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures
8/9/2020 - 14:47:8.489	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV
8/9/2020 - 14:47:8.489	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media
8/9/2020 - 14:47:8.491	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media
8/9/2020 - 14:47:8.491	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media
8/9/2020 - 14:47:8.491	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media
8/9/2020 - 14:47:8.491	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.492	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.492	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.492	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV
8/9/2020 - 14:47:8.492	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos
8/9/2020 - 14:47:8.493	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos
8/9/2020 - 14:47:8.493	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos
8/9/2020 - 14:47:8.493	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos
8/9/2020 - 14:47:8.493	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos
8/9/2020 - 14:47:8.536	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:8.536	Read	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:8.493	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.538	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.539	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.539	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos
8/9/2020 - 14:47:8.539	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor
8/9/2020 - 14:47:8.539	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor
8/9/2020 - 14:47:8.540	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor
8/9/2020 - 14:47:8.540	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor
8/9/2020 - 14:47:8.540	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor
8/9/2020 - 14:47:8.540	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.541	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.541	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.541	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor
8/9/2020 - 14:47:8.541	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links
8/9/2020 - 14:47:8.541	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url
8/9/2020 - 14:47:8.541	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
8/9/2020 - 14:47:8.541	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url
8/9/2020 - 14:47:8.543	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url
8/9/2020 - 14:47:8.544	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
8/9/2020 - 14:47:8.544	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url
8/9/2020 - 14:47:8.546	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links
8/9/2020 - 14:47:8.546	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:47:8.546	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
8/9/2020 - 14:47:8.546	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
8/9/2020 - 14:47:8.546	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
8/9/2020 - 14:47:8.549	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url
8/9/2020 - 14:47:8.549	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
8/9/2020 - 14:47:8.549	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url
8/9/2020 - 14:47:8.551	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
8/9/2020 - 14:47:8.552	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
8/9/2020 - 14:47:8.552	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
8/9/2020 - 14:47:8.554	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:47:8.554	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music
8/9/2020 - 14:47:8.554	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
8/9/2020 - 14:47:8.554	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
8/9/2020 - 14:47:8.555	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
8/9/2020 - 14:47:8.555	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
8/9/2020 - 14:47:8.557	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
8/9/2020 - 14:47:8.558	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
8/9/2020 - 14:47:8.558	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
8/9/2020 - 14:47:8.558	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
8/9/2020 - 14:47:8.560	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3
8/9/2020 - 14:47:8.560	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
8/9/2020 - 14:47:8.561	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
8/9/2020 - 14:47:8.561	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3
8/9/2020 - 14:47:8.563	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music
8/9/2020 - 14:47:8.563	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:8.563	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
8/9/2020 - 14:47:8.563	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
8/9/2020 - 14:47:8.564	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
8/9/2020 - 14:47:8.564	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
8/9/2020 - 14:47:8.566	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
8/9/2020 - 14:47:8.567	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
8/9/2020 - 14:47:8.567	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
8/9/2020 - 14:47:8.568	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
8/9/2020 - 14:47:8.570	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
8/9/2020 - 14:47:8.571	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
8/9/2020 - 14:47:8.571	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
8/9/2020 - 14:47:8.571	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
8/9/2020 - 14:47:8.611	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
8/9/2020 - 14:47:8.611	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
8/9/2020 - 14:47:8.573	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
8/9/2020 - 14:47:8.612	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
8/9/2020 - 14:47:8.612	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
8/9/2020 - 14:47:8.613	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
8/9/2020 - 14:47:8.615	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
8/9/2020 - 14:47:8.615	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
8/9/2020 - 14:47:8.615	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
8/9/2020 - 14:47:8.615	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
8/9/2020 - 14:47:8.617	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
8/9/2020 - 14:47:8.618	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
8/9/2020 - 14:47:8.618	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
8/9/2020 - 14:47:8.619	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
8/9/2020 - 14:47:8.621	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
8/9/2020 - 14:47:8.621	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
8/9/2020 - 14:47:8.621	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
8/9/2020 - 14:47:8.622	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
8/9/2020 - 14:47:8.623	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
8/9/2020 - 14:47:8.624	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
8/9/2020 - 14:47:8.624	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
8/9/2020 - 14:47:8.625	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
8/9/2020 - 14:47:8.626	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:8.626	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media
8/9/2020 - 14:47:8.626	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
8/9/2020 - 14:47:8.627	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
8/9/2020 - 14:47:8.627	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
8/9/2020 - 14:47:8.663	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
8/9/2020 - 14:47:8.665	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media
8/9/2020 - 14:47:8.665	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos
8/9/2020 - 14:47:8.665	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
8/9/2020 - 14:47:8.666	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
8/9/2020 - 14:47:8.666	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
8/9/2020 - 14:47:8.666	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
8/9/2020 - 14:47:8.668	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos
8/9/2020 - 14:47:8.668	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor
8/9/2020 - 14:47:8.668	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files
8/9/2020 - 14:47:8.669	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files
8/9/2020 - 14:47:8.669	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files
8/9/2020 - 14:47:8.669	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files
8/9/2020 - 14:47:8.669	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.670	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.670	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.670	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Malware
8/9/2020 - 14:47:8.670	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Malware
8/9/2020 - 14:47:8.670	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Malware
8/9/2020 - 14:47:8.671	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Malware
8/9/2020 - 14:47:8.671	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Malware\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.671	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Malware\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.672	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Malware\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.672	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:47:8.672	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:47:8.672	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:47:8.672	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:47:8.673	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:47:8.672	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.673	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.673	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.673	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor
8/9/2020 - 14:47:8.673	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files
8/9/2020 - 14:47:8.674	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles
8/9/2020 - 14:47:8.674	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles
8/9/2020 - 14:47:8.674	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles
8/9/2020 - 14:47:8.674	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles
8/9/2020 - 14:47:8.674	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.675	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.675	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.675	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs
8/9/2020 - 14:47:8.675	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs
8/9/2020 - 14:47:8.676	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs
8/9/2020 - 14:47:8.676	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs
8/9/2020 - 14:47:8.676	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs\2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.676	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.676	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:8.676	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files
8/9/2020 - 14:47:8.677	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Malware
8/9/2020 - 14:47:8.677	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Malware
8/9/2020 - 14:47:8.677	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:47:8.677	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
8/9/2020 - 14:47:8.677	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:47:8.678	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:47:8.679	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
8/9/2020 - 14:47:8.681	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
8/9/2020 - 14:47:8.682	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:8.682	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor.zip
8/9/2020 - 14:47:8.682	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor.zip
8/9/2020 - 14:47:8.723	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:47:8.723	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:47:8.724	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
8/9/2020 - 14:47:8.726	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:47:8.726	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles
8/9/2020 - 14:47:8.726	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles
8/9/2020 - 14:47:8.726	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs
8/9/2020 - 14:47:8.726	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs
8/9/2020 - 14:47:8.723	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT.LOG1	NTUSER.DAT.LOG1
8/9/2020 - 14:47:8.732	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:8.732	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
8/9/2020 - 14:47:8.732	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
8/9/2020 - 14:47:8.732	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
8/9/2020 - 14:47:8.735	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\drprov.dll
8/9/2020 - 14:47:8.736	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\drprov.dll
8/9/2020 - 14:47:8.740	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:8.740	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
8/9/2020 - 14:47:8.741	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
8/9/2020 - 14:47:8.741	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
8/9/2020 - 14:47:8.741	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
8/9/2020 - 14:47:8.741	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
8/9/2020 - 14:47:8.741	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
8/9/2020 - 14:47:8.741	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
8/9/2020 - 14:47:8.741	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
8/9/2020 - 14:47:8.741	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
8/9/2020 - 14:47:8.742	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
8/9/2020 - 14:47:8.743	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
8/9/2020 - 14:47:8.796	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\winsta.dll
8/9/2020 - 14:47:8.796	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\winsta.dll
8/9/2020 - 14:47:8.798	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\ntlanman.dll
8/9/2020 - 14:47:8.804	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\ntlanman.dll
8/9/2020 - 14:47:8.841	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\davclnt.dll
8/9/2020 - 14:47:8.843	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
8/9/2020 - 14:47:8.843	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
8/9/2020 - 14:47:8.848	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\davclnt.dll
8/9/2020 - 14:47:8.917	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\davhlpr.dll
8/9/2020 - 14:47:8.919	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\davhlpr.dll
8/9/2020 - 14:47:8.925	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
8/9/2020 - 14:47:8.927	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
8/9/2020 - 14:47:8.993	Open	1488	C:\Monitor\proc.exe	C:\Monitor\wkscli.dll
8/9/2020 - 14:47:8.994	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wkscli.dll
8/9/2020 - 14:47:8.994	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\wkscli.dll
8/9/2020 - 14:47:8.996	Open	1488	C:\Monitor\proc.exe	C:\Monitor\cscapi.dll
8/9/2020 - 14:47:8.996	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\cscapi.dll
8/9/2020 - 14:47:8.997	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\cscapi.dll
8/9/2020 - 14:47:8.998	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
8/9/2020 - 14:47:8.999	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
8/9/2020 - 14:47:9.36	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
8/9/2020 - 14:47:9.36	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
8/9/2020 - 14:47:9.37	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
8/9/2020 - 14:47:9.38	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
8/9/2020 - 14:47:9.76	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
8/9/2020 - 14:47:9.77	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
8/9/2020 - 14:47:9.79	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
8/9/2020 - 14:47:9.82	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
8/9/2020 - 14:47:9.83	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
8/9/2020 - 14:47:9.86	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
8/9/2020 - 14:47:9.88	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
8/9/2020 - 14:47:9.91	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
8/9/2020 - 14:47:9.92	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
8/9/2020 - 14:47:9.94	Open	1488	C:\Monitor\proc.exe	C:\Monitor\netutils.dll
8/9/2020 - 14:47:9.95	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\netutils.dll
8/9/2020 - 14:47:9.95	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\netutils.dll
8/9/2020 - 14:47:9.98	Open	1488	C:\Monitor\proc.exe	C:\Monitor\browcli.dll
8/9/2020 - 14:47:9.98	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\browcli.dll
8/9/2020 - 14:47:9.100	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
8/9/2020 - 14:47:9.100	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
8/9/2020 - 14:47:9.102	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\browcli.dll
8/9/2020 - 14:47:9.104	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
8/9/2020 - 14:47:9.105	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
8/9/2020 - 14:47:9.106	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
8/9/2020 - 14:47:9.107	Read	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
8/9/2020 - 14:47:9.162	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:47:9.162	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:9.165	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor.zip
8/9/2020 - 14:47:9.166	Read	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:47:9.166	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT.LOG1	NTUSER.DAT.LOG1
8/9/2020 - 14:47:9.166	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT.LOG1
8/9/2020 - 14:47:9.166	Open	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:47:9.166	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT.LOG1	NTUSER.DAT.LOG1
8/9/2020 - 14:47:9.166	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:47:9.167	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:9.167	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
8/9/2020 - 14:47:9.167	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
8/9/2020 - 14:47:9.167	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
8/9/2020 - 14:47:9.167	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:9.168	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
8/9/2020 - 14:47:9.168	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
8/9/2020 - 14:47:9.168	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
8/9/2020 - 14:47:9.168	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
8/9/2020 - 14:47:9.168	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
8/9/2020 - 14:47:9.179	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
8/9/2020 - 14:47:9.190	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
8/9/2020 - 14:47:9.241	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
8/9/2020 - 14:47:9.249	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
8/9/2020 - 14:47:9.256	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
8/9/2020 - 14:47:9.262	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
8/9/2020 - 14:47:9.262	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
8/9/2020 - 14:47:9.304	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
8/9/2020 - 14:47:9.311	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
8/9/2020 - 14:47:9.317	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
8/9/2020 - 14:47:9.324	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
8/9/2020 - 14:47:9.330	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
8/9/2020 - 14:47:9.430	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
8/9/2020 - 14:47:9.442	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
8/9/2020 - 14:47:9.444	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:47:9.445	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:9.445	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:9.445	Open	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:47:9.445	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:9.446	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:47:9.446	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor.zip
8/9/2020 - 14:47:9.446	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:47:9.447	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:9.447	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:9.447	Open	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:47:9.447	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:9.448	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:47:9.449	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
8/9/2020 - 14:47:9.449	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
8/9/2020 - 14:47:9.449	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
8/9/2020 - 14:47:9.450	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:9.450	Open	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:9.450	Open	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:47:9.450	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:9.450	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Default
8/9/2020 - 14:47:9.451	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
8/9/2020 - 14:47:9.451	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
8/9/2020 - 14:47:9.452	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
8/9/2020 - 14:47:9.452	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
8/9/2020 - 14:47:9.452	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
8/9/2020 - 14:47:9.452	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
8/9/2020 - 14:47:9.452	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
8/9/2020 - 14:47:9.452	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
8/9/2020 - 14:47:9.453	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
8/9/2020 - 14:47:9.454	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
8/9/2020 - 14:47:9.454	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
8/9/2020 - 14:47:9.454	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
8/9/2020 - 14:47:9.454	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\Behemot.contact
8/9/2020 - 14:47:9.455	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts
8/9/2020 - 14:47:9.455	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
8/9/2020 - 14:47:9.455	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts
8/9/2020 - 14:47:9.456	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
8/9/2020 - 14:47:9.456	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
8/9/2020 - 14:47:9.456	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
8/9/2020 - 14:47:9.456	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
8/9/2020 - 14:47:9.456	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
8/9/2020 - 14:47:9.456	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
8/9/2020 - 14:47:9.457	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
8/9/2020 - 14:47:9.457	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:47:9.457	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor.zip
8/9/2020 - 14:47:9.457	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor.zip
8/9/2020 - 14:47:9.458	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads
8/9/2020 - 14:47:9.458	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor.zip
8/9/2020 - 14:47:9.458	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads
8/9/2020 - 14:47:9.458	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:47:9.458	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
8/9/2020 - 14:47:9.458	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms
8/9/2020 - 14:47:9.459	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches
8/9/2020 - 14:47:9.459	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
8/9/2020 - 14:47:9.459	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches
8/9/2020 - 14:47:9.460	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
8/9/2020 - 14:47:9.460	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms
8/9/2020 - 14:47:9.460	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches
8/9/2020 - 14:47:9.460	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
8/9/2020 - 14:47:9.460	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches
8/9/2020 - 14:47:9.461	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
8/9/2020 - 14:47:9.461	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\RecordedTV.library-ms
8/9/2020 - 14:47:9.461	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries
8/9/2020 - 14:47:9.462	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
8/9/2020 - 14:47:9.462	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries
8/9/2020 - 14:47:9.463	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url
8/9/2020 - 14:47:9.463	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links
8/9/2020 - 14:47:9.463	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
8/9/2020 - 14:47:9.463	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links
8/9/2020 - 14:47:9.464	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
8/9/2020 - 14:47:9.465	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
8/9/2020 - 14:47:9.465	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url
8/9/2020 - 14:47:9.465	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links
8/9/2020 - 14:47:9.465	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
8/9/2020 - 14:47:9.465	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links
8/9/2020 - 14:47:9.466	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
8/9/2020 - 14:47:9.466	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:47:9.466	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
8/9/2020 - 14:47:9.467	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:47:9.467	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url
8/9/2020 - 14:47:9.510	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:47:9.510	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
8/9/2020 - 14:47:9.513	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:47:9.514	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
8/9/2020 - 14:47:9.515	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:47:9.515	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
8/9/2020 - 14:47:9.515	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:47:9.516	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
8/9/2020 - 14:47:9.516	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
8/9/2020 - 14:47:9.516	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music
8/9/2020 - 14:47:9.516	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
8/9/2020 - 14:47:9.517	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music
8/9/2020 - 14:47:9.518	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
8/9/2020 - 14:47:9.518	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
8/9/2020 - 14:47:9.518	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music
8/9/2020 - 14:47:9.519	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
8/9/2020 - 14:47:9.519	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music
8/9/2020 - 14:47:9.520	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
8/9/2020 - 14:47:9.520	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3
8/9/2020 - 14:47:9.520	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music
8/9/2020 - 14:47:9.520	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
8/9/2020 - 14:47:9.521	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\Sample Music
8/9/2020 - 14:47:9.521	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
8/9/2020 - 14:47:9.522	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
8/9/2020 - 14:47:9.522	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.522	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
8/9/2020 - 14:47:9.522	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.523	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
8/9/2020 - 14:47:9.523	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
8/9/2020 - 14:47:9.523	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.524	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
8/9/2020 - 14:47:9.525	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.526	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
8/9/2020 - 14:47:9.526	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
8/9/2020 - 14:47:9.526	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.527	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
8/9/2020 - 14:47:9.527	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.528	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
8/9/2020 - 14:47:9.528	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
8/9/2020 - 14:47:9.529	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.529	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
8/9/2020 - 14:47:9.529	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.530	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
8/9/2020 - 14:47:9.530	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
8/9/2020 - 14:47:9.530	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.531	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
8/9/2020 - 14:47:9.531	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.532	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
8/9/2020 - 14:47:9.532	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
8/9/2020 - 14:47:9.533	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.533	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
8/9/2020 - 14:47:9.534	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.534	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
8/9/2020 - 14:47:9.534	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
8/9/2020 - 14:47:9.535	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.535	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
8/9/2020 - 14:47:9.535	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.536	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
8/9/2020 - 14:47:9.536	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
8/9/2020 - 14:47:9.537	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.537	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
8/9/2020 - 14:47:9.537	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\Sample Pictures
8/9/2020 - 14:47:9.538	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
8/9/2020 - 14:47:9.538	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
8/9/2020 - 14:47:9.540	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos
8/9/2020 - 14:47:9.540	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
8/9/2020 - 14:47:9.541	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\Sample Videos
8/9/2020 - 14:47:9.541	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
8/9/2020 - 14:47:9.541	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
8/9/2020 - 14:47:9.541	Open	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media
8/9/2020 - 14:47:9.541	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
8/9/2020 - 14:47:9.542	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\Sample Media
8/9/2020 - 14:47:9.543	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:47:9.543	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
8/9/2020 - 14:47:9.543	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:47:9.543	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
8/9/2020 - 14:47:9.544	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:47:9.544	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:47:9.544	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
8/9/2020 - 14:47:9.545	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:47:9.545	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
8/9/2020 - 14:47:9.545	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
8/9/2020 - 14:47:11.542	Open	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.543	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.543	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.542	Open	1488	C:\Monitor\proc.exe	\Device\Mup\.\.\
8/9/2020 - 14:47:11.544	Open	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.544	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.544	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\.\.\
8/9/2020 - 14:47:11.544	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.545	Open	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.545	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.545	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.545	Open	1488	C:\Monitor\proc.exe	\Device\Mup\.\.\
8/9/2020 - 14:47:11.546	Open	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.546	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.546	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\.\.\
8/9/2020 - 14:47:11.546	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.547	Open	1488	C:\Monitor\proc.exe	C:\Monitor\srvcli.dll
8/9/2020 - 14:47:11.547	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\srvcli.dll
8/9/2020 - 14:47:11.547	Open	1488	C:\Monitor\proc.exe	C:\Windows\SysWOW64\srvcli.dll
8/9/2020 - 14:47:11.550	Open	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.550	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.550	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.550	Open	1488	C:\Monitor\proc.exe	\Device\Mup\.\.\
8/9/2020 - 14:47:11.551	Open	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.551	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.551	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\.\.\
8/9/2020 - 14:47:11.551	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.552	Open	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.552	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.552	Open	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.553	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.553	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.553	Unknown	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace
8/9/2020 - 14:47:11.552	Open	1488	C:\Monitor\proc.exe	\Device\Mup\;Csc\.\.\W7VM1
8/9/2020 - 14:47:11.553	Open	1488	C:\Monitor\proc.exe	C:\Windows\CSC\v2.0.6\namespace\W7VM1
8/9/2020 - 14:47:11.554	Open	1488	C:\Monitor\proc.exe	\Device\Mup\W7VM1\Users\
8/9/2020 - 14:47:13.616	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\W7VM1\Users\
8/9/2020 - 14:47:13.682	Open	1488	C:\Monitor\proc.exe	\Device\Mup\W7VM1\Users\
8/9/2020 - 14:47:14.166	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\W7VM1\Users\
8/9/2020 - 14:47:14.233	Open	1488	C:\Monitor\proc.exe	\Device\Mup\W7VM1\Users\2x93mlc4s-readme.txt
8/9/2020 - 14:47:14.763	Write	1488	C:\Monitor\proc.exe	\Device\Mup\W7VM1\Users\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:14.763	Write	1488	C:\Monitor\proc.exe	C:\Users\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:14.763	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\W7VM1\Users\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:14.839	Open	1488	C:\Monitor\proc.exe	\Device\Mup\W7VM1\Users\
8/9/2020 - 14:47:15.412	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot
8/9/2020 - 14:47:15.906	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot
8/9/2020 - 14:47:15.973	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot
8/9/2020 - 14:47:16.522	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot
8/9/2020 - 14:47:16.588	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\2x93mlc4s-readme.txt
8/9/2020 - 14:47:17.378	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:17.378	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:17.379	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:17.449	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default
8/9/2020 - 14:47:18.42	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default
8/9/2020 - 14:47:18.111	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default
8/9/2020 - 14:47:18.582	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default
8/9/2020 - 14:47:18.649	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\2x93mlc4s-readme.txt
8/9/2020 - 14:47:19.546	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:19.546	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:19.546	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:19.613	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public
8/9/2020 - 14:47:20.147	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public
8/9/2020 - 14:47:20.213	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public
8/9/2020 - 14:47:20.687	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public
8/9/2020 - 14:47:20.753	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\2x93mlc4s-readme.txt
8/9/2020 - 14:47:21.632	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:21.632	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:21.633	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:21.802	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\W7VM1\Users\
8/9/2020 - 14:47:21.802	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot
8/9/2020 - 14:47:22.409	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Contacts
8/9/2020 - 14:47:22.911	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Contacts
8/9/2020 - 14:47:22.980	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Contacts
8/9/2020 - 14:47:23.448	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Contacts
8/9/2020 - 14:47:23.518	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Contacts\2x93mlc4s-readme.txt
8/9/2020 - 14:47:24.386	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Contacts\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:24.386	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Contacts\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:24.386	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Contacts\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:24.453	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Desktop
8/9/2020 - 14:47:24.987	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Desktop
8/9/2020 - 14:47:25.53	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Desktop
8/9/2020 - 14:47:25.518	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Desktop
8/9/2020 - 14:47:25.583	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Desktop\2x93mlc4s-readme.txt
8/9/2020 - 14:47:26.443	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:26.443	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:26.444	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:26.512	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Documents
8/9/2020 - 14:47:26.988	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Documents
8/9/2020 - 14:47:27.55	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Documents
8/9/2020 - 14:47:27.661	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Documents
8/9/2020 - 14:47:27.727	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\documents\2x93mlc4s-readme.txt
8/9/2020 - 14:47:28.413	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:28.413	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:28.413	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:28.482	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads
8/9/2020 - 14:47:29.37	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads
8/9/2020 - 14:47:29.115	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads
8/9/2020 - 14:47:29.576	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads
8/9/2020 - 14:47:29.642	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\downloads\2x93mlc4s-readme.txt
8/9/2020 - 14:47:30.377	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:30.377	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:30.377	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:30.444	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites
8/9/2020 - 14:47:30.906	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites
8/9/2020 - 14:47:30.972	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites
8/9/2020 - 14:47:31.505	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites
8/9/2020 - 14:47:31.572	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\favorites\2x93mlc4s-readme.txt
8/9/2020 - 14:47:32.232	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:32.232	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:32.233	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:32.300	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Links
8/9/2020 - 14:47:32.837	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Links
8/9/2020 - 14:47:32.916	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Links
8/9/2020 - 14:47:33.349	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Links
8/9/2020 - 14:47:33.416	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Links\2x93mlc4s-readme.txt
8/9/2020 - 14:47:34.339	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:34.339	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:34.339	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:34.407	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Music
8/9/2020 - 14:47:34.915	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Music
8/9/2020 - 14:47:35.8	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Music
8/9/2020 - 14:47:35.484	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Music
8/9/2020 - 14:47:35.560	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Music\2x93mlc4s-readme.txt
8/9/2020 - 14:47:36.416	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:36.416	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:36.416	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:47:36.485	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:36.816	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:37.158	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:37.159	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:37.241	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:37.241	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:37.241	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:37.357	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:37.357	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:37.726	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:38.75	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:38.995	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1	ntuser.dat.LOG1
8/9/2020 - 14:47:39.88	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:39.88	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:39.88	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:39.167	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:39.168	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:39.168	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:39.251	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:40.278	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:40.627	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:40.627	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:40.703	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:40.704	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:40.704	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:40.779	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:40.780	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:41.181	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:41.511	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:41.950	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1	ntuser.dat.LOG1
8/9/2020 - 14:47:42.17	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:42.17	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:42.17	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:42.92	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:42.93	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:42.93	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:42.168	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:43.187	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:43.575	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:43.575	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:43.673	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:43.673	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:43.673	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:43.749	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:43.749	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:44.81	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:44.411	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:44.916	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1	ntuser.dat.LOG1
8/9/2020 - 14:47:44.982	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:44.982	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:44.983	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:45.60	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:45.60	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:45.60	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:45.70	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:46.83	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:46.414	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:46.746	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:47.217	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:47.217	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:47.291	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:47.291	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:47.292	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:47.366	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:47.366	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:47.701	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:48.38	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:48.548	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1	ntuser.dat.LOG1
8/9/2020 - 14:47:48.615	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:48.615	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:48.615	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:48.691	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:48.691	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:48.691	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:48.768	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:48.768	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:49.98	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:50.130	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:51.221	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:51.586	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:51.586	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:51.666	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:51.666	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:51.666	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:51.742	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:51.742	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:52.198	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:52.533	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:52.989	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1	ntuser.dat.LOG1
8/9/2020 - 14:47:53.97	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:53.97	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:53.97	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:53.106	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:53.106	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:53.106	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:53.114	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:53.114	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:53.472	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:54.81	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:55.164	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:55.572	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:55.572	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:55.647	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:55.647	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:55.647	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:55.720	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:47:55.720	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:56.83	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:56.411	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:56.952	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1	ntuser.dat.LOG1
8/9/2020 - 14:47:57.18	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:57.18	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:57.18	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:57.94	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:47:57.94	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:57.94	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:57.170	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:57.170	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:57.500	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:58.171	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:59.267	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:47:59.599	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:47:59.930	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:0.302	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:0.302	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:0.409	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:0.409	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:0.409	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:0.485	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:0.485	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:0.816	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:1.149	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:1.666	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1	ntuser.dat.LOG1
8/9/2020 - 14:48:1.732	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:2.112	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:3.166	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:3.233	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:3.233	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:3.233	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:3.309	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:3.309	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:3.309	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:3.384	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:3.384	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:3.725	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:4.395	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:5.477	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:5.810	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:5.810	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:5.887	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:5.888	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:5.888	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:5.963	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:5.964	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:6.366	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:6.696	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:7.205	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1	ntuser.dat.LOG1
8/9/2020 - 14:48:7.271	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:7.688	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:8.331	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:8.398	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:8.398	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:8.398	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:8.477	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:8.477	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:8.477	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:8.553	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:8.553	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:8.969	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:9.579	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:10.678	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:11.12	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:11.12	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:11.137	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:11.137	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:11.137	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:11.237	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:11.237	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:11.567	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:11.938	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:12.492	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1	ntuser.dat.LOG1
8/9/2020 - 14:48:12.558	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:12.893	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:13.540	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:13.626	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:13.626	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:13.626	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:13.701	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:13.701	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:13.701	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:13.777	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:13.777	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:14.109	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:14.753	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:15.880	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:16.244	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:16.575	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:16.954	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:16.954	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:17.30	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:17.31	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:17.31	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:17.151	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:17.152	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:17.500	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:17.827	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:18.266	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1	ntuser.dat.LOG1
8/9/2020 - 14:48:18.379	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:18.732	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:19.333	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:19.398	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:19.398	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:19.398	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:19.472	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:19.472	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:19.473	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:19.594	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:19.594	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:19.945	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:20.550	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:20.617	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:21.23	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:22.83	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:23.202	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:23.544	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:23.545	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:23.629	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:23.630	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:23.630	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:23.707	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:23.707	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:24.70	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:24.481	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:24.938	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1	ntuser.dat.LOG1
8/9/2020 - 14:48:25.5	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:25.344	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:26.53	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:26.121	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:26.121	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:26.121	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:26.200	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:26.200	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:26.200	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:26.278	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:26.278	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:26.611	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:27.366	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:27.431	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:27.762	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:28.447	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:29.544	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:29.875	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:29.876	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:30.17	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:30.17	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:30.17	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:30.158	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:30.158	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:30.538	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:30.893	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:31.399	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\ntuser.dat.LOG1	ntuser.dat.LOG1
8/9/2020 - 14:48:31.465	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:31.899	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:32.567	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:32.634	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:32.634	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:32.634	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:32.773	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\ntuser.dat.LOG1
8/9/2020 - 14:48:32.773	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:32.773	Open	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:32.967	Unknown	1488	C:\Monitor\proc.exe	C:\Users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
8/9/2020 - 14:48:32.967	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:33.320	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:33.995	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
8/9/2020 - 14:48:34.61	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:34.456	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:35.120	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:36.198	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
8/9/2020 - 14:48:36.528	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Pictures
8/9/2020 - 14:48:37.90	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Pictures
8/9/2020 - 14:48:37.158	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Pictures
8/9/2020 - 14:48:37.615	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Pictures
8/9/2020 - 14:48:37.681	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Pictures\2x93mlc4s-readme.txt
8/9/2020 - 14:48:38.524	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:38.524	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:38.524	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:38.591	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Saved Games
8/9/2020 - 14:48:39.97	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Saved Games
8/9/2020 - 14:48:39.165	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Saved Games
8/9/2020 - 14:48:39.654	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Saved Games
8/9/2020 - 14:48:39.720	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\saved games\2x93mlc4s-readme.txt
8/9/2020 - 14:48:40.375	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\saved games\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:40.375	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Saved Games\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:40.375	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\saved games\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:40.484	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Searches
8/9/2020 - 14:48:40.983	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Searches
8/9/2020 - 14:48:41.52	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Searches
8/9/2020 - 14:48:41.520	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Searches
8/9/2020 - 14:48:41.586	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Searches\2x93mlc4s-readme.txt
8/9/2020 - 14:48:42.457	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Searches\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:42.457	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Searches\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:42.458	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Searches\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:42.528	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Videos
8/9/2020 - 14:48:42.997	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Videos
8/9/2020 - 14:48:43.63	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Videos
8/9/2020 - 14:48:43.607	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Videos
8/9/2020 - 14:48:43.673	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Videos\2x93mlc4s-readme.txt
8/9/2020 - 14:48:44.436	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:44.436	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:44.436	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:44.602	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot
8/9/2020 - 14:48:44.717	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default
8/9/2020 - 14:48:45.291	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Desktop
8/9/2020 - 14:48:45.750	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Desktop
8/9/2020 - 14:48:45.818	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Desktop
8/9/2020 - 14:48:46.347	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Desktop
8/9/2020 - 14:48:46.414	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Desktop\2x93mlc4s-readme.txt
8/9/2020 - 14:48:53.271	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:53.271	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:53.271	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:53.338	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Documents
8/9/2020 - 14:48:53.881	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Documents
8/9/2020 - 14:48:53.949	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Documents
8/9/2020 - 14:48:54.416	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Documents
8/9/2020 - 14:48:54.483	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\documents\2x93mlc4s-readme.txt
8/9/2020 - 14:48:55.222	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:55.222	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:55.222	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:55.291	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Downloads
8/9/2020 - 14:48:55.757	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Downloads
8/9/2020 - 14:48:55.824	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Downloads
8/9/2020 - 14:48:56.361	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Downloads
8/9/2020 - 14:48:56.427	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\downloads\2x93mlc4s-readme.txt
8/9/2020 - 14:48:57.79	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:57.79	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:57.79	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:57.145	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Favorites
8/9/2020 - 14:48:57.677	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Favorites
8/9/2020 - 14:48:57.744	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Favorites
8/9/2020 - 14:48:58.240	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Favorites
8/9/2020 - 14:48:58.308	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\favorites\2x93mlc4s-readme.txt
8/9/2020 - 14:48:59.84	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:59.84	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:59.84	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:48:59.153	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Links
8/9/2020 - 14:48:59.628	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Links
8/9/2020 - 14:48:59.695	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Links
8/9/2020 - 14:49:0.203	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Links
8/9/2020 - 14:49:0.269	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Links\2x93mlc4s-readme.txt
8/9/2020 - 14:49:1.65	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:1.65	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:1.65	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:1.133	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Music
8/9/2020 - 14:49:1.670	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Music
8/9/2020 - 14:49:1.737	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Music
8/9/2020 - 14:49:2.197	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Music
8/9/2020 - 14:49:2.263	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Music\2x93mlc4s-readme.txt
8/9/2020 - 14:49:3.170	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:3.170	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:3.170	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:3.238	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Pictures
8/9/2020 - 14:49:3.694	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Pictures
8/9/2020 - 14:49:3.760	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Pictures
8/9/2020 - 14:49:4.291	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Pictures
8/9/2020 - 14:49:4.357	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Pictures\2x93mlc4s-readme.txt
8/9/2020 - 14:49:5.109	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:5.109	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:5.109	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:5.341	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Saved Games
8/9/2020 - 14:49:5.796	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Saved Games
8/9/2020 - 14:49:5.863	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Saved Games
8/9/2020 - 14:49:6.319	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Saved Games
8/9/2020 - 14:49:6.426	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\saved games\2x93mlc4s-readme.txt
8/9/2020 - 14:49:7.110	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\saved games\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:7.110	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Saved Games\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:7.110	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\saved games\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:7.176	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Videos
8/9/2020 - 14:49:7.685	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Videos
8/9/2020 - 14:49:7.775	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Videos
8/9/2020 - 14:49:8.274	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Videos
8/9/2020 - 14:49:8.340	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Videos\2x93mlc4s-readme.txt
8/9/2020 - 14:49:9.164	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:9.164	Write	1488	C:\Monitor\proc.exe	C:\Users\Default\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:9.164	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:9.331	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Default
8/9/2020 - 14:49:9.397	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public
8/9/2020 - 14:49:9.950	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Desktop
8/9/2020 - 14:49:10.482	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Desktop
8/9/2020 - 14:49:10.554	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Desktop
8/9/2020 - 14:49:11.10	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Desktop
8/9/2020 - 14:49:11.76	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Desktop\2x93mlc4s-readme.txt
8/9/2020 - 14:49:11.902	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:11.902	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:11.902	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Desktop\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:11.968	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Documents
8/9/2020 - 14:49:12.473	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Documents
8/9/2020 - 14:49:12.561	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Documents
8/9/2020 - 14:49:13.125	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Documents
8/9/2020 - 14:49:13.191	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\documents\2x93mlc4s-readme.txt
8/9/2020 - 14:49:13.911	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:13.911	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:13.911	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\documents\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:13.978	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Downloads
8/9/2020 - 14:49:14.436	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Downloads
8/9/2020 - 14:49:14.503	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Downloads
8/9/2020 - 14:49:15.41	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Downloads
8/9/2020 - 14:49:15.107	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\downloads\2x93mlc4s-readme.txt
8/9/2020 - 14:49:15.782	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:15.782	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:15.782	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\downloads\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:15.849	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Favorites
8/9/2020 - 14:49:16.391	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Favorites
8/9/2020 - 14:49:16.458	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Favorites
8/9/2020 - 14:49:16.929	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Favorites
8/9/2020 - 14:49:16.996	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\favorites\2x93mlc4s-readme.txt
8/9/2020 - 14:49:17.726	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:17.726	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:17.726	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\favorites\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:17.794	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Libraries
8/9/2020 - 14:49:18.332	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Libraries
8/9/2020 - 14:49:18.398	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Libraries
8/9/2020 - 14:49:18.926	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Libraries
8/9/2020 - 14:49:18.993	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\libraries\2x93mlc4s-readme.txt
8/9/2020 - 14:49:19.687	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\libraries\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:19.687	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Libraries\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:19.687	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\libraries\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:19.782	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Music
8/9/2020 - 14:49:20.244	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Music
8/9/2020 - 14:49:20.310	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Music
8/9/2020 - 14:49:20.787	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Music
8/9/2020 - 14:49:20.896	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Music\2x93mlc4s-readme.txt
8/9/2020 - 14:49:21.687	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:21.687	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:21.687	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Music\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:21.753	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Pictures
8/9/2020 - 14:49:22.291	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Pictures
8/9/2020 - 14:49:22.357	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Pictures
8/9/2020 - 14:49:22.824	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Pictures
8/9/2020 - 14:49:27.863	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Pictures\2x93mlc4s-readme.txt
8/9/2020 - 14:49:28.746	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:28.746	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:28.746	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Pictures\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:28.812	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Recorded TV
8/9/2020 - 14:49:29.315	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Recorded TV
8/9/2020 - 14:49:29.390	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Recorded TV
8/9/2020 - 14:49:29.884	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Recorded TV
8/9/2020 - 14:49:29.951	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\recorded tv\2x93mlc4s-readme.txt
8/9/2020 - 14:49:30.609	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\recorded tv\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:30.609	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Recorded TV\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:30.609	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\recorded tv\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:30.716	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Videos
8/9/2020 - 14:49:31.232	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Videos
8/9/2020 - 14:49:31.298	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Videos
8/9/2020 - 14:49:31.756	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Videos
8/9/2020 - 14:49:31.823	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Videos\2x93mlc4s-readme.txt
8/9/2020 - 14:49:32.693	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:32.693	Write	1488	C:\Monitor\proc.exe	C:\Users\Public\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:32.694	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public\Videos\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:32.964	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Public
8/9/2020 - 14:49:33.33	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Contacts
8/9/2020 - 14:49:33.985	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Contacts
8/9/2020 - 14:49:34.51	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Desktop
8/9/2020 - 14:49:34.978	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Desktop
8/9/2020 - 14:49:35.44	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Documents
8/9/2020 - 14:49:36.5	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Documents
8/9/2020 - 14:49:36.72	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads
8/9/2020 - 14:49:36.862	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads\Monitor
8/9/2020 - 14:49:37.404	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads\Monitor
8/9/2020 - 14:49:37.470	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads\Monitor
8/9/2020 - 14:49:37.949	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads\Monitor
8/9/2020 - 14:49:38.15	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads\Monitor\2x93mlc4s-readme.txt
8/9/2020 - 14:49:38.824	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads\Monitor\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:38.824	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Downloads\Monitor\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:38.824	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads\Monitor\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:39.10	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Downloads
8/9/2020 - 14:49:39.76	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites
8/9/2020 - 14:49:39.861	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites\Links
8/9/2020 - 14:49:40.391	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites\Links
8/9/2020 - 14:49:40.458	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites\Links
8/9/2020 - 14:49:40.964	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites\Links
8/9/2020 - 14:49:41.31	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites\Links\2x93mlc4s-readme.txt
8/9/2020 - 14:49:41.850	Write	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:41.850	Write	1488	C:\Monitor\proc.exe	C:\Users\Behemot\Favorites\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:41.850	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites\Links\2x93mlc4s-readme.txt	2x93mlc4s-readme.txt
8/9/2020 - 14:49:41.917	Open	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites\Links for Brasil
8/9/2020 - 14:49:42.376	Unknown	1488	C:\Monitor\proc.exe	\Device\Mup\w7vm1\users\Behemot\Favorites\Links for Brasil

Process

Trace

8/9/2020 - 14:45:42.512	Create	1480	C:\malware.exe	1488	C:\Monitor\proc.exe
8/9/2020 - 14:45:45.873	Create	1488	C:\Monitor\proc.exe	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
8/9/2020 - 14:46:53.627	Terminate	1488	C:\Monitor\proc.exe	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Analysis

Reason

Timeout

Status

Sucessfully Executed

Results

Registry

Trace

8/9/2020 - 14:45:45.679	Write	1488	C:\Monitor\proc.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Facebook_Assistant	Ybr
8/9/2020 - 14:45:45.680	Write	1488	C:\Monitor\proc.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Facebook_Assistant	S6yP
8/9/2020 - 14:45:45.682	Write	1488	C:\Monitor\proc.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Facebook_Assistant	dA2U3
8/9/2020 - 14:45:45.684	Write	1488	C:\Monitor\proc.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Facebook_Assistant	8eN335
8/9/2020 - 14:45:45.686	Write	1488	C:\Monitor\proc.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Facebook_Assistant	zEhXReE
8/9/2020 - 14:45:45.695	Write	1488	C:\Monitor\proc.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Facebook_Assistant	fOvNL4TU
8/9/2020 - 14:45:45.696	Write	1488	C:\Monitor\proc.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	BV7BRrErOX
8/9/2020 - 14:45:46.532	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.533	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.534	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.540	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.594	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.595	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.595	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.595	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.595	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.596	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.596	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.596	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.597	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.597	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.597	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.597	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.598	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.598	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.598	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.599	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.600	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.600	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.600	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.601	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.601	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.601	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.601	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.602	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.602	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.602	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.604	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.604	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.604	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.605	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.605	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.605	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.606	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.606	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.606	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.606	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.607	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.607	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.607	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.607	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.608	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.608	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.608	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.608	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.609	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.609	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.609	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.610	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.610	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.611	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.611	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.611	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.611	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.612	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.612	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.612	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.613	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.613	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.613	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.632	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.762	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.763	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.763	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.764	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.765	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.765	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.766	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.766	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.767	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.768	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.768	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.773	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.773	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.780	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:45:46.780	Write	804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	HKCU\Local Settings\MuiCache\5\96383CDB	LanguageList
8/9/2020 - 14:46:54.183	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	Owner
8/9/2020 - 14:46:54.184	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	SessionHash
8/9/2020 - 14:46:54.184	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	Sequence
8/9/2020 - 14:46:54.185	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:46:54.185	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:46:55.266	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:46:55.266	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:46:56.433	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:46:56.433	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:46:57.525	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:46:57.525	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:46:58.707	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:46:58.707	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:46:59.735	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:46:59.735	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:47:0.834	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:47:0.834	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:47:1.997	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:47:1.997	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:47:3.149	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:47:3.149	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:47:4.313	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:47:4.313	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:47:5.519	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:47:5.519	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:47:6.763	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:47:6.763	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:47:37.150	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:47:37.150	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:47:40.617	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:47:40.619	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:47:43.571	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:47:43.571	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:47:47.211	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:47:47.211	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:47:51.582	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:47:51.582	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:47:55.566	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:47:55.566	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:48:0.299	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:48:0.299	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:48:5.807	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:48:5.808	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:48:11.10	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:48:11.10	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:48:16.950	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:48:16.950	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:48:23.540	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:48:23.541	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash
8/9/2020 - 14:48:29.874	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFiles0000
8/9/2020 - 14:48:29.874	Write	1488	C:\Monitor\proc.exe	HKCU\Software\Microsoft\RestartManager\Session0000	RegFilesHash

File Summary

Created

Identified: True

Deleted

Identified: False

Process Summary

Created

Identified: True

Deleted

Identified: True

Registry Summary

Proxy

Identified: False

AutoRun

Identified: False

Created

Identified: True

Deleted

Identified: False

Browsers

Identified: False

Internet

Identified: False

Loading...

DNS

Query

Response

TCP

Info

UDP

Info

HTTP

Info

Summary

DNS

False

TCP

False

UDP

False

HTTP

False

Results

BINARY

NFS 2.0 (Threshold = 0.8)

confidence: 80.00%
suspicious: False

Decision Tree (NFS-BRMalware)

confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)

confidence: 95.00%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)

confidence: 65.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)

confidence: 47.18%
suspicious: True

LightGDM (Ember: File Characteristics, Threshold=0.8336)

confidence: 63.54%
suspicious: False

Report #11153 check_circle

Binary

Hashes

Community

YARA

Strings

Foremost

Heuristics

PEDetector

Disassembly

AVclass

VirusTotal

File

Process

Analysis

Registry

File Summary

Process Summary

Registry Summary

Loading...

DNS

TCP

UDP

HTTP

Summary

Results

Report #11153