Report #5881 check_circle

  • Creation Date: Feb. 12, 2020, 6:14 p.m.
  • Last Update: Feb. 13, 2020, 2:14 a.m.
  • File: Nota_Fiscal.exe
  • Results:
Binary
DLL
False cancel
Size
849.00KB
trid
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
679dd0f68e9f25b4c57bd5bc332fb952
sha1
729691cf9c991ea8423c2cb8902d982e55dea0e4
crc32
0xcd6de346
sha224
c76950183879147db67fc2abc7be94d4be15306ef5884e7b454b91ba
sha256
32d6f959655bef9aefaf606d7d5e0a6882b445387405ed841db8d46b4085bb29
sha384
3c7139cf20df7cba95d4a085824b54a1566a63859dc81232f5b49cd37077ecc9edc82f25f5683667d23d40b66cf53634
sha512
7722af411b3c948ea9b519edb67074490d22263ccb3c1d9f6c023199bae120ac886e8dcd1e71db4ec997f35d9472fa2d45eea5ac820ae00e79f8460f37adb146
ssdeep
24576:sAHnh+eWsN3skA4RV1Hom2KXSmdaw6q5:Lh+ZkldoPKi2awD
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
domain, HasDebugData, CRC32_poly_Constant, escalate_priv, HasRichSignature, VC8_Microsoft_Corporation, CRC32_table, network_http, win_files_operation, IsPE32, AutoIT_compiled_script, screenshot, IP, contentis_base64, keylogger, win_token, AutoIt, IsWindowsGUI, inject_thread, anti_dbg, Microsoft_Visual_Cpp_8, win_registry

Suspicious
True check_circle

Strings
List
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"/>
Gt.Ht$
WSOCK32.dll
FSoftware\AutoIt v3\AutoIt
COMCTL32.dll
USERENV.dll
VERSION.dll
WININET.dll
WINMM.dll
UxTheme.dll
0.0.0.0
MPR.dll
AUTOITCALLVARIABLE%d
255.255.255.255
SeDebugPrivilege
SeRestorePrivilege
<"t|<%tx<'tt<$tp<&tl<!th<otd<]t`<[t\<\tX<
\Include\
fr-be
fr-ca
fr-ch
0%1F1O1i1w1
This is a third-party compiled AutoIt script.
BACKSPACE
Hebrew
Duployan
BInclude
HOTKEYSET
TaskbarCreated
HOTKEYPRESSED
too many forward references
invalid range in character class
failed to get memory
closed
failed to get memory
number is too big
regular expression is too large
\ at end of pattern
\c at end of pattern
two named subpatterns have the same name
BROWSER_SEARCH
HKEY_CLASSES_ROOT
TCPSHUTDOWN
BROWSER_REFRESH
AutoIt has detected the stack has become corrupt.
BROWSER_FORWARD
BROWSER_STOP
BROWSER_BACK
BROWSER_HOME
LAUNCH_MAIL
BROWSER_FAVORTIES
HKEY_LOCAL_MACHINE
Line %d (File "%s"):
VOLUME_UP
VOLUME_DOWN
VOLUME_MUTE
] is an invalid data character in JavaScript compatibility mode
LAUNCH_MEDIA
SOFTWARE\Classes\
Line %d:
TCPLISTEN
FtpOpenFileW
SYSTEM\CurrentControlSet\Control\Nls\Language
FtpGetFileSize
FTPSETPROXY
SW_HIDE
AUTOITWINGETTITLE
GETCURRENTSELECTION
TCPCLOSESOCKET
TCPCONNECT
HTTPSETUSERAGENT
GETSELECTEDCOUNT
GETSELECTED
HTTPSETPROXY
WINGETCLASSLIST
EWM_GETCONTROLNAME
HControl Panel\Mouse
Control Panel\Appearance
HttpOpenRequestW
HttpSendRequestW
/AutoIt3OutputDebug
mscoree.dll
LAUNCH_APP2
LAUNCH_APP1
WIN_VISTA
SeShutdownPrivilege
SeBackupPrivilege
SeIncreaseQuotaPrivilege
/AutoIt3ExecuteLine
SeAssignPrimaryTokenPrivilege
!"#$%%%%%%&&'()*+%%%%%%&&'()*+,,,,,,--./012RRRRRRRRRRRR3345566789::::;<=<=>?>@ABC>@ABCRRRRRDEFGHIJKLMNO
AUTOIT.ERROR
#requireadmin
>>>AUTOIT SCRIPT<<<
SHELLDLL_DefView
LOCALAPPDATADIR
<requestedPrivileges>
\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
winsta0\default
LOGONDNSDOMAIN

Foremost
Matches
0.exe, 849 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circle
Allowed: 255.255.255.255, 1, record
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: USER32.DLL, kernel32.dll, mscoree.dll, combase.dll, SHELL32.dll, WININET.dll, OLEAUT32.dll, PSAPI.DLL, ADVAPI32.dll, VERSION.dll, USERENV.dll, UxTheme.dll, GDI32.dll, COMCTL32.dll, COMDLG32.dll, ole32.dll, MPR.dll, IPHLPAPI.DLL, WINMM.dll, WSOCK32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 286720
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 907292
Suspicous: False cancel

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 5
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 5
Linker
Version: 12.0
Suspicious: False cancel
Subsystem
Version: 5.1
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 163850
Suspicious: False cancel

Anomalies
Anomalies: The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match.
hasAnomalies: True check_circle

Libraries
Allowed: user32.dll, kernel32.dll, mscoree.dll, combase.dll, shell32.dll, wininet.dll, oleaut32.dll, psapi.dll, advapi32.dll, version.dll, userenv.dll, uxtheme.dll, gdi32.dll, comctl32.dll, comdlg32.dll, ole32.dll, mpr.dll, winmm.dll, wsock32.dll
hasLibs: True check_circle
Suspicious: iphlpapi.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2018-02-15 10:15:34
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.data: 1
.rsrc: 2
.text: 2
.rdata: 13

nopsequence
.text: 4

pushpopmath
.rsrc: 2
.text: 31
.rdata: 7
.reloc: 30

garbagebytes
.data: 1
.rsrc: 1
.text: 2
.rdata: 5

hookdetection
.rdata: 3
.reloc: 4

stealthimport
.text: 1

software breakpoint
.text: 9
.rdata: 1
.reloc: 5

programcontrolflowchange
.data: 1
.rsrc: 1
.text: 2
.rdata: 5

cpuinstructionsresultscomparison
.rsrc: 7
.rdata: 9

AVclass
autoit
1
VirusTotal
md5
679dd0f68e9f25b4c57bd5bc332fb952
sha1
729691cf9c991ea8423c2cb8902d982e55dea0e4
SCANS (DETECTION RATE = 58.21%)
AVG
result: Win32:Malware-gen
update: 20181101
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20181101
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=100)
update: 20181101
version: 2018.9.12.1
detected: True check_circle

Bkav
update: 20181101
version: 1.3.0.9898
detected: False cancel

K7GW
result: Trojan-Downloader ( 005274351 )
update: 20181101
version: 11.9.28899
detected: True check_circle

ALYac
result: Trojan.GenericKD.40129517
update: 20181101
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Malware-gen
update: 20181101
version: 18.4.3895.0
detected: True check_circle

Avira
result: HEUR/AGEN.1000243
update: 20181101
version: 8.3.3.6
detected: True check_circle

Baidu
update: 20181101
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/Trojan.TCET-5951
update: 20181101
version: 6.0.0.4
detected: True check_circle

DrWeb
update: 20181101
version: 7.0.33.6080
detected: False cancel

GData
result: Trojan.GenericKD.40129517
update: 20181101
version: A:25.19177B:25.13572
detected: True check_circle

Panda
result: Trj/CI.A
update: 20181101
version: 4.6.4.2
detected: True check_circle

VBA32
result: TrojanDownloader.AutoIt
update: 20181101
version: 3.33.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20181101
version: 70672
detected: True check_circle

Zoner
update: 20181101
version: 1.0
detected: False cancel

ClamAV
update: 20181101
version: 0.100.2.0
detected: False cancel

F-Prot
update: 20181101
version: 4.7.1.166
detected: False cancel

Ikarus
result: Trojan-Downloader.Win32.AutoIt
update: 20181101
version: 0.1.5.2
detected: True check_circle

McAfee
result: Artemis!679DD0F68E9F
update: 20181101
version: 6.0.6.653
detected: True check_circle

Rising
update: 20181101
version: 25.0.0.24
detected: False cancel

Sophos
result: Mal/Generic-S
update: 20181101
version: 4.98.0
detected: True check_circle

Yandex
update: 20181101
version: 5.5.1.3
detected: False cancel

Zillya
update: 20181101
version: 2.0.0.3682
detected: False cancel

Alibaba
update: 20180921
version: 0.1.0.2
detected: False cancel

Arcabit
result: Trojan.Generic.D26453ED
update: 20181101
version: 1.0.0.833
detected: True check_circle

Babable
update: 20180918
version: 9107201
detected: False cancel

Endgame
update: 20180730
version: 3.0.1
detected: False cancel

TACHYON
update: 20181101
version: 2018-11-01.02
detected: False cancel

Tencent
result: Win32.Trojan-downloader.Autoit.Wptt
update: 20181101
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20181101
version: 2014.3.20.0
detected: False cancel

Webroot
result: W32.Adware.Gen
update: 20181101
version: 1.0.0.403
detected: True check_circle

eGambit
update: 20181101
detected: False cancel

Ad-Aware
result: Trojan.GenericKD.40129517
update: 20181101
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.Win32.Autoit.a!c
update: 20181101
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.GenericKD.40129517 (B)
update: 20181101
version: 2018.4.0.1029
detected: True check_circle

F-Secure
result: Trojan.GenericKD.40129517
update: 20181101
version: 11.0.19100.45
detected: True check_circle

Fortinet
result: W32/Autoit.OKV!tr
update: 20181101
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20180717
version: 6.3.5.26121
detected: True check_circle

Jiangmin
update: 20181101
version: 16.0.100
detected: False cancel

Kingsoft
update: 20181101
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20181101
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Gen.2
update: 20181101
version: 1.8.0.0
detected: True check_circle

AhnLab-V3
result: Downloader/Win32.Autoit.C2408950
update: 20181101
version: 3.13.1.22397
detected: True check_circle

Antiy-AVL
result: Trojan/Generic.ASVCS3S.1E5
update: 20181101
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Trojan-Downloader.Win32.Autoit.rhk
update: 20181101
version: 15.0.1.13
detected: True check_circle

Microsoft
result: Trojan:Win32/Tiggre!rfn
update: 20181101
version: 1.1.15400.4
detected: True check_circle

Qihoo-360
result: Win32/Trojan.Downloader.fff
update: 20181101
version: 1.0.0.1120
detected: True check_circle

TheHacker
update: 20181031
version: 6.8.0.5.3804
detected: False cancel

Trustlook
update: 20181101
version: 1.0
detected: False cancel

ZoneAlarm
result: Trojan-Downloader.Win32.Autoit.rhk
update: 20181101
version: 1.0
detected: True check_circle

Cybereason
update: 20180225
version: 1.2.27
detected: False cancel

ESET-NOD32
result: a variant of Win32/TrojanDownloader.Autoit.OKV
update: 20181101
version: 18311
detected: True check_circle

TrendMicro
update: 20181101
version: 10.0.0.1040
detected: False cancel

BitDefender
result: Trojan.GenericKD.40129517
update: 20181101
version: 7.2
detected: True check_circle

CrowdStrike
result: malicious_confidence_100% (W)
update: 20181022
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan-Downloader ( 005274351 )
update: 20181101
version: 11.9.28899
detected: True check_circle

SentinelOne
result: static engine - malicious
update: 20181011
version: 1.0.19.245
detected: True check_circle

Avast-Mobile
update: 20181101
version: 181101-02
detected: False cancel

Malwarebytes
update: 20181101
version: 2.1.1.1115
detected: False cancel

TotalDefense
update: 20181101
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20181031
version: 14.00
detected: False cancel

NANO-Antivirus
result: Trojan.Win32.Autoit.eydtdh
update: 20181101
version: 1.0.134.24299
detected: True check_circle

MicroWorld-eScan
result: Trojan.GenericKD.40129517
update: 20181101
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20181031
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Downloader.ch
update: 20181101
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
update: 20181101
version: 10.0.0.1040
detected: False cancel

total
67
sha256
32d6f959655bef9aefaf606d7d5e0a6882b445387405ed841db8d46b4085bb29
scan_id
32d6f959655bef9aefaf606d7d5e0a6882b445387405ed841db8d46b4085bb29-1541091271
resource
679dd0f68e9f25b4c57bd5bc332fb952
permalink
https://www.virustotal.com/file/32d6f959655bef9aefaf606d7d5e0a6882b445387405ed841db8d46b4085bb29/analysis/1541091271/
positives
39
scan_date
2018-11-01 16:54:31
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
13/2/2020 - 1:45:57.668Open1480C:\malware.exeC:\Monitor
13/2/2020 - 1:45:57.668Unknown1480C:\malware.exeC:\Monitor
13/2/2020 - 1:45:57.715Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
13/2/2020 - 1:45:57.762Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:57.762Open1480C:\malware.exeC:\PROPSYS.dll
13/2/2020 - 1:45:57.762Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
13/2/2020 - 1:45:57.762Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
13/2/2020 - 1:45:57.762Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:45:57.762Open1480C:\malware.exeC:\malware.exe.Local
13/2/2020 - 1:45:57.762Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/2/2020 - 1:45:57.762Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/2/2020 - 1:45:57.762Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/2/2020 - 1:45:57.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
13/2/2020 - 1:45:57.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
13/2/2020 - 1:45:57.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
13/2/2020 - 1:45:57.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
13/2/2020 - 1:45:57.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
13/2/2020 - 1:45:57.778Open1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
13/2/2020 - 1:45:57.778Read1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
13/2/2020 - 1:45:57.778Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
13/2/2020 - 1:45:57.778Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
13/2/2020 - 1:45:57.778Open1480C:\malware.exeC:\Windows\System32\propsys.dll
13/2/2020 - 1:45:57.778Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
13/2/2020 - 1:45:57.778Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
13/2/2020 - 1:45:57.778Open1480C:\malware.exeC:\Windows\System32\propsys.dll
13/2/2020 - 1:45:57.778Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
13/2/2020 - 1:45:57.778Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
13/2/2020 - 1:45:57.778Open1480C:\malware.exeC:\Secur32.dll
13/2/2020 - 1:45:57.778Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
13/2/2020 - 1:45:57.793Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
13/2/2020 - 1:45:57.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/2/2020 - 1:45:57.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/2/2020 - 1:45:57.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/2/2020 - 1:45:57.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/2/2020 - 1:45:57.887Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
13/2/2020 - 1:45:57.887Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:57.887Open1480C:\malware.exeC:\
13/2/2020 - 1:45:57.887Unknown1480C:\malware.exeC:\
13/2/2020 - 1:45:57.887Open1480C:\malware.exeC:\Windows
13/2/2020 - 1:45:57.887Unknown1480C:\malware.exeC:\Windows
13/2/2020 - 1:45:57.887Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell
13/2/2020 - 1:45:57.887Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell
13/2/2020 - 1:45:57.887Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
13/2/2020 - 1:45:57.887Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:57.887Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:57.887Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:57.887Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell
13/2/2020 - 1:45:57.887Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell
13/2/2020 - 1:45:57.903Open1480C:\malware.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:57.903Unknown1480C:\malware.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:57.903Open1480C:\malware.exeC:\Windows
13/2/2020 - 1:45:57.903Unknown1480C:\malware.exeC:\Windows
13/2/2020 - 1:45:57.903Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
13/2/2020 - 1:45:57.903Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:57.903Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
13/2/2020 - 1:45:57.903Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:57.903Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
13/2/2020 - 1:45:57.903Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:57.903Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe:Zone.Identifier
13/2/2020 - 1:45:57.903Open1480C:\malware.exeC:\Monitor
13/2/2020 - 1:45:57.903Unknown1480C:\malware.exeC:\Monitor
13/2/2020 - 1:45:57.903Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
13/2/2020 - 1:45:57.903Read1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:57.965Read1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:58.12Read1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:58.59Read1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.106Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
13/2/2020 - 1:45:58.106Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\
13/2/2020 - 1:45:58.106Unknown1480C:\malware.exeC:\
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows
13/2/2020 - 1:45:58.106Unknown1480C:\malware.exeC:\Windows
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell
13/2/2020 - 1:45:58.106Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.106Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
13/2/2020 - 1:45:58.106Read1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:58.106Read1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:58.106Read1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ui\SwDRM.dll
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\sfc.dll
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\sfc.dll
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\sfc_os.DLL
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\sfc_os.dll
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\sfc_os.dll
13/2/2020 - 1:45:58.106Open1480C:\malware.exeC:\Windows\winsxs\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms
13/2/2020 - 1:45:58.106Read1480C:\malware.exeC:\Windows\winsxs\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms
13/2/2020 - 1:45:58.106Read1480C:\malware.exeC:\Windows\winsxs\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms
13/2/2020 - 1:45:58.106Read1480C:\malware.exeC:\Windows\winsxs\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms
13/2/2020 - 1:45:58.106Read1480C:\malware.exeC:\Windows\winsxs\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms
13/2/2020 - 1:45:58.106Read1480C:\malware.exeC:\Windows\winsxs\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms
13/2/2020 - 1:45:58.106Read1480C:\malware.exeC:\Windows\winsxs\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms
13/2/2020 - 1:45:58.106Read1480C:\malware.exeC:\Windows\winsxs\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms
13/2/2020 - 1:45:58.106Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/2/2020 - 1:45:58.106Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Prefetch\POWERSHELL.EXE-767FB1AE.pf
13/2/2020 - 1:45:58.106Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.106Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
13/2/2020 - 1:45:58.122Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
13/2/2020 - 1:45:58.122Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
13/2/2020 - 1:45:58.122Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
13/2/2020 - 1:45:58.122Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
13/2/2020 - 1:45:58.122Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
13/2/2020 - 1:45:58.122Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64log.dll
13/2/2020 - 1:45:58.122Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.122Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.122Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:45:58.122Unknown1480C:\malware.exeC:\Windows
13/2/2020 - 1:45:58.122Unknown1480C:\malware.exeC:\Monitor
13/2/2020 - 1:45:58.122Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/2/2020 - 1:45:58.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
13/2/2020 - 1:45:58.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
13/2/2020 - 1:45:58.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATL.DLL
13/2/2020 - 1:45:58.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
13/2/2020 - 1:45:58.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
13/2/2020 - 1:45:58.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\mscoree.dll
13/2/2020 - 1:45:58.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
13/2/2020 - 1:45:58.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
13/2/2020 - 1:45:58.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:45:58.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:45:58.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:45:58.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:45:58.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:45:58.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:45:58.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui
13/2/2020 - 1:45:58.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.muipowershell.exe.mui
13/2/2020 - 1:45:58.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
13/2/2020 - 1:45:58.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
13/2/2020 - 1:45:58.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
13/2/2020 - 1:45:58.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.Manifest
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nls
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
13/2/2020 - 1:45:58.450Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
13/2/2020 - 1:45:58.450Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
13/2/2020 - 1:45:58.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
13/2/2020 - 1:45:58.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
13/2/2020 - 1:45:58.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
13/2/2020 - 1:45:58.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\desktop.ini
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
13/2/2020 - 1:45:58.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
13/2/2020 - 1:45:58.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
13/2/2020 - 1:45:58.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
13/2/2020 - 1:45:58.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
13/2/2020 - 1:45:58.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
13/2/2020 - 1:45:58.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
13/2/2020 - 1:45:58.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
13/2/2020 - 1:45:58.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
13/2/2020 - 1:45:58.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
13/2/2020 - 1:45:58.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
13/2/2020 - 1:45:58.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
13/2/2020 - 1:45:58.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
13/2/2020 - 1:45:58.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
13/2/2020 - 1:45:58.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
13/2/2020 - 1:45:58.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
13/2/2020 - 1:45:58.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
13/2/2020 - 1:45:58.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
13/2/2020 - 1:45:58.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
13/2/2020 - 1:45:58.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
13/2/2020 - 1:45:58.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:45:58.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
13/2/2020 - 1:45:58.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
13/2/2020 - 1:45:58.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
13/2/2020 - 1:45:58.497Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
13/2/2020 - 1:45:58.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
13/2/2020 - 1:45:58.497Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\apphelp.dll
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.528Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.528Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.528Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
13/2/2020 - 1:45:58.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
13/2/2020 - 1:45:58.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/2/2020 - 1:45:58.575Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/2/2020 - 1:45:58.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/2/2020 - 1:45:58.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
13/2/2020 - 1:45:58.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
13/2/2020 - 1:45:58.575Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
13/2/2020 - 1:45:58.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
13/2/2020 - 1:45:58.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
13/2/2020 - 1:45:58.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
13/2/2020 - 1:45:58.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
13/2/2020 - 1:45:58.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
13/2/2020 - 1:45:58.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
13/2/2020 - 1:45:58.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
13/2/2020 - 1:45:58.590Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
13/2/2020 - 1:45:58.590Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
13/2/2020 - 1:45:58.590Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
13/2/2020 - 1:45:58.590Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
13/2/2020 - 1:45:58.590Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
13/2/2020 - 1:45:58.590Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
13/2/2020 - 1:45:58.590Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
13/2/2020 - 1:45:58.590Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
13/2/2020 - 1:45:58.590Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\gameux.dll
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
13/2/2020 - 1:45:58.606Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.606Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
13/2/2020 - 1:45:58.606Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:45:58.606Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
13/2/2020 - 1:45:58.606Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
13/2/2020 - 1:45:58.606Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
13/2/2020 - 1:45:58.606Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
13/2/2020 - 1:45:58.606Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
13/2/2020 - 1:45:58.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
13/2/2020 - 1:45:58.606Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.606Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.622Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.622Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.622Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.622Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
13/2/2020 - 1:45:58.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.637Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
13/2/2020 - 1:45:58.637Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
13/2/2020 - 1:45:58.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:45:58.637Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:45:58.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
13/2/2020 - 1:45:58.637Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
13/2/2020 - 1:45:58.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
13/2/2020 - 1:45:58.637Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
13/2/2020 - 1:45:58.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
13/2/2020 - 1:45:58.637Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
13/2/2020 - 1:45:58.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
13/2/2020 - 1:45:58.637Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
13/2/2020 - 1:45:58.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
13/2/2020 - 1:45:58.637Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.731Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
13/2/2020 - 1:45:58.731Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
13/2/2020 - 1:45:58.731Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
13/2/2020 - 1:45:58.731Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
13/2/2020 - 1:45:58.731Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
13/2/2020 - 1:45:58.731Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
13/2/2020 - 1:45:58.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
13/2/2020 - 1:45:58.731Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
13/2/2020 - 1:45:58.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.731Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\LINKINFO.dll
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
13/2/2020 - 1:45:58.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
13/2/2020 - 1:45:58.747Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.747Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.747Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntshrui.dll
13/2/2020 - 1:45:58.747Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
13/2/2020 - 1:45:58.747Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
13/2/2020 - 1:45:58.747Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\srvcli.dll
13/2/2020 - 1:45:58.747Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
13/2/2020 - 1:45:58.747Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
13/2/2020 - 1:45:58.793Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\cscapi.dll
13/2/2020 - 1:45:58.793Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
13/2/2020 - 1:45:58.793Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
13/2/2020 - 1:45:58.793Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\slc.dll
13/2/2020 - 1:45:58.793Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
13/2/2020 - 1:45:58.793Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
13/2/2020 - 1:45:58.793Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
13/2/2020 - 1:45:58.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
13/2/2020 - 1:45:58.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
13/2/2020 - 1:45:58.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
13/2/2020 - 1:45:58.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
13/2/2020 - 1:45:58.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
13/2/2020 - 1:45:58.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
13/2/2020 - 1:45:58.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
13/2/2020 - 1:45:58.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
13/2/2020 - 1:45:58.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
13/2/2020 - 1:45:58.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
13/2/2020 - 1:45:58.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
13/2/2020 - 1:45:58.934Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.934Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.934Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.934Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.934Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:45:58.934Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exepowershell_ise.exe
13/2/2020 - 1:45:58.934Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.950Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.950Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.950Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.950Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.950Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:45:58.950Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\hh.exe
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.997Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.997Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\CRYPTSP.dll
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
13/2/2020 - 1:45:58.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
13/2/2020 - 1:45:59.12Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
13/2/2020 - 1:45:59.12Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
13/2/2020 - 1:45:59.12Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CQBOKRJMUVFY9O8WED7G.temp
13/2/2020 - 1:45:59.12Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CQBOKRJMUVFY9O8WED7G.temp
13/2/2020 - 1:45:59.12Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CQBOKRJMUVFY9O8WED7G.tempCQBOKRJMUVFY9O8WED7G.temp
13/2/2020 - 1:45:59.12Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CQBOKRJMUVFY9O8WED7G.tempCQBOKRJMUVFY9O8WED7G.temp
13/2/2020 - 1:45:59.12Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CQBOKRJMUVFY9O8WED7G.tempCQBOKRJMUVFY9O8WED7G.temp
13/2/2020 - 1:45:59.12Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CQBOKRJMUVFY9O8WED7G.tempCQBOKRJMUVFY9O8WED7G.temp
13/2/2020 - 1:45:59.12Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
13/2/2020 - 1:45:59.12Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CQBOKRJMUVFY9O8WED7G.temp
13/2/2020 - 1:45:59.12Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
13/2/2020 - 1:45:59.12Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CQBOKRJMUVFY9O8WED7G.tempCQBOKRJMUVFY9O8WED7G.temp
13/2/2020 - 1:45:59.12Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
13/2/2020 - 1:45:59.75Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/2/2020 - 1:45:59.137Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll.local
13/2/2020 - 1:45:59.137Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
13/2/2020 - 1:45:59.137Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
13/2/2020 - 1:45:59.137Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
13/2/2020 - 1:45:59.137Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
13/2/2020 - 1:45:59.137Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
13/2/2020 - 1:45:59.137Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
13/2/2020 - 1:45:59.137Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
13/2/2020 - 1:45:59.137Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
13/2/2020 - 1:45:59.184Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
13/2/2020 - 1:46:0.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
13/2/2020 - 1:46:0.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
13/2/2020 - 1:46:0.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:0.403Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:0.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:0.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
13/2/2020 - 1:46:0.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
13/2/2020 - 1:46:0.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
13/2/2020 - 1:46:0.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:0.403Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:0.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:46:0.403Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:46:0.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:0.403Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
13/2/2020 - 1:46:0.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:0.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:0.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:0.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:0.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:0.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:46:0.434Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
13/2/2020 - 1:46:0.434Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
13/2/2020 - 1:46:0.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
13/2/2020 - 1:46:0.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
13/2/2020 - 1:46:0.543Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:0.543Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
13/2/2020 - 1:46:0.543Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:0.590Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:0.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:0.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:0.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:0.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:0.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:0.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:0.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:0.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.12Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.528Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.575Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:1.997Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.372Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
13/2/2020 - 1:46:2.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
13/2/2020 - 1:46:2.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
13/2/2020 - 1:46:2.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.887Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:2.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.122Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.450Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.590Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:3.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
13/2/2020 - 1:46:3.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.12Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.528Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.950Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:4.997Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.887Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:5.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.75Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.122Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.168Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.450Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.497Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.543Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.590Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:6.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
13/2/2020 - 1:46:6.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:7.575Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:7.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:7.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:7.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\pt-br.nlp
13/2/2020 - 1:46:7.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
13/2/2020 - 1:46:7.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\pubpol4.dat
13/2/2020 - 1:46:7.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
13/2/2020 - 1:46:7.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
13/2/2020 - 1:46:7.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:7.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
13/2/2020 - 1:46:7.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:7.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:7.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:7.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:7.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:7.950Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:8.184Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:8.184Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:8.231Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:8.231Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:8.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:8.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:8.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:8.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:8.450Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:8.497Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:8.543Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:8.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:8.637Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:8.684Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:8.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:8.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:8.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
13/2/2020 - 1:46:8.918Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:8.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
13/2/2020 - 1:46:8.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:8.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:9.12Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:9.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:9.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:9.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:9.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:9.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:9.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:9.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:9.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:9.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:9.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:9.528Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:9.528Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:9.528Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:9.528Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:9.528Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:9.528Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:9.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:9.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:9.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:9.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:9.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:10.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:10.153Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
13/2/2020 - 1:46:10.200Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
13/2/2020 - 1:46:10.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
13/2/2020 - 1:46:10.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
13/2/2020 - 1:46:10.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:10.387Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:10.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:10.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:10.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:10.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:10.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:10.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:10.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:10.450Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:10.497Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:10.590Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:10.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:10.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:10.825Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:10.825Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:10.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:10.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:10.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:10.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.12Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
13/2/2020 - 1:46:11.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
13/2/2020 - 1:46:11.293Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
13/2/2020 - 1:46:11.293Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.293Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\BVTBin\Tests\installpackage\csilogfile.log
13/2/2020 - 1:46:11.528Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.575Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:11.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:11.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:11.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.950Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:11.997Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:12.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:12.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:12.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:12.231Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
13/2/2020 - 1:46:12.372Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.372Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
13/2/2020 - 1:46:12.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.887Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:12.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.75Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.122Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.168Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.215Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.450Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.497Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.543Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
13/2/2020 - 1:46:13.637Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
13/2/2020 - 1:46:13.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:13.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:14.12Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:14.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:14.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:14.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:14.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:14.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:14.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.528Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.575Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.950Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:14.997Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:15.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:15.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:15.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:15.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.887Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:15.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.75Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:16.122Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.168Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
13/2/2020 - 1:46:16.168Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:16.168Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\version.dll
13/2/2020 - 1:46:16.168Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
13/2/2020 - 1:46:16.168Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
13/2/2020 - 1:46:16.168Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
13/2/2020 - 1:46:16.168Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:16.168Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:16.215Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:16.262Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
13/2/2020 - 1:46:16.262Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:16.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:16.450Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\l_intl.nls
13/2/2020 - 1:46:16.543Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
13/2/2020 - 1:46:16.543Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.590Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:16.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.12Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.528Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.575Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
13/2/2020 - 1:46:17.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
13/2/2020 - 1:46:17.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.950Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:17.997Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:18.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
13/2/2020 - 1:46:18.278Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
13/2/2020 - 1:46:18.278Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:18.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:18.278Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
13/2/2020 - 1:46:18.293Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
13/2/2020 - 1:46:18.293Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:18.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:18.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.450Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
13/2/2020 - 1:46:18.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
13/2/2020 - 1:46:18.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
13/2/2020 - 1:46:18.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.497Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.543Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.590Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:18.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:18.965Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:19.59Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:19.59Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:19.106Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:19.106Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:19.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:19.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:19.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:19.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:19.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:19.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:19.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:19.387Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:19.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Core\3.5.0.0__b77a5c561934e089
13/2/2020 - 1:46:19.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
13/2/2020 - 1:46:19.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
13/2/2020 - 1:46:19.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
13/2/2020 - 1:46:19.528Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
13/2/2020 - 1:46:19.528Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
13/2/2020 - 1:46:19.528Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
13/2/2020 - 1:46:19.575Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
13/2/2020 - 1:46:19.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
13/2/2020 - 1:46:19.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
13/2/2020 - 1:46:19.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
13/2/2020 - 1:46:19.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
13/2/2020 - 1:46:19.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
13/2/2020 - 1:46:19.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
13/2/2020 - 1:46:19.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
13/2/2020 - 1:46:19.950Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
13/2/2020 - 1:46:19.997Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
13/2/2020 - 1:46:20.43Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:20.43Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:20.43Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:20.43Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:20.43Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:20.43Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
13/2/2020 - 1:46:20.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:20.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:20.137Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.184Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.184Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.418Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
13/2/2020 - 1:46:20.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
13/2/2020 - 1:46:20.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:20.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
13/2/2020 - 1:46:20.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:20.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:20.903Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:21.43Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:21.43Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
13/2/2020 - 1:46:21.90Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:21.90Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
13/2/2020 - 1:46:21.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:21.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:21.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:21.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:21.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:21.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:21.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:21.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:21.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:21.465Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:21.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:21.465Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:21.512Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:21.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
13/2/2020 - 1:46:21.512Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
13/2/2020 - 1:46:21.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
13/2/2020 - 1:46:21.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
13/2/2020 - 1:46:21.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
13/2/2020 - 1:46:21.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
13/2/2020 - 1:46:21.653Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
13/2/2020 - 1:46:21.653Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
13/2/2020 - 1:46:21.653Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:21.653Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
13/2/2020 - 1:46:21.653Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:21.653Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:21.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:21.700Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:21.700Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:21.700Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
13/2/2020 - 1:46:21.700Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
13/2/2020 - 1:46:21.700Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
13/2/2020 - 1:46:21.700Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
13/2/2020 - 1:46:21.700Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
13/2/2020 - 1:46:21.700Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
13/2/2020 - 1:46:21.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:21.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:21.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:21.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:21.887Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:21.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:21.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:22.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:22.75Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:22.122Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:22.168Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:22.215Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:22.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:22.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:22.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:22.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:22.450Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:22.497Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:22.543Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:22.590Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:22.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:22.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:22.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:22.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:22.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:22.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
13/2/2020 - 1:46:22.965Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:22.965Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
13/2/2020 - 1:46:22.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.12Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
13/2/2020 - 1:46:23.293Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
13/2/2020 - 1:46:23.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
13/2/2020 - 1:46:23.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
13/2/2020 - 1:46:23.528Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
13/2/2020 - 1:46:23.575Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
13/2/2020 - 1:46:23.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
13/2/2020 - 1:46:23.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
13/2/2020 - 1:46:23.622Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
13/2/2020 - 1:46:23.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
13/2/2020 - 1:46:23.668Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
13/2/2020 - 1:46:23.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
13/2/2020 - 1:46:23.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
13/2/2020 - 1:46:23.715Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
13/2/2020 - 1:46:23.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
13/2/2020 - 1:46:23.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
13/2/2020 - 1:46:23.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:23.715Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:23.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:23.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
13/2/2020 - 1:46:23.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
13/2/2020 - 1:46:23.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
13/2/2020 - 1:46:23.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
13/2/2020 - 1:46:23.715Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
13/2/2020 - 1:46:23.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:23.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:23.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:23.731Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:23.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:23.731Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:23.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:23.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:23.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:23.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:23.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:23.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:23.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.12Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.247Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:24.247Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:24.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.340Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.340Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.340Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:24.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:24.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:24.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:24.528Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:24.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:24.622Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:24.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.622Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.950Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:24.997Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:24.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.997Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.997Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.997Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:24.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
13/2/2020 - 1:46:25.137Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.137Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
13/2/2020 - 1:46:25.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
13/2/2020 - 1:46:25.559Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
13/2/2020 - 1:46:25.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.887Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:25.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:26.28Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.122Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.122Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.122Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.168Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.215Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
13/2/2020 - 1:46:26.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
13/2/2020 - 1:46:26.497Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.543Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.590Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:26.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:26.778Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:26.778Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
13/2/2020 - 1:46:26.825Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
13/2/2020 - 1:46:26.825Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
13/2/2020 - 1:46:26.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
13/2/2020 - 1:46:26.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
13/2/2020 - 1:46:26.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
13/2/2020 - 1:46:26.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
13/2/2020 - 1:46:27.12Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
13/2/2020 - 1:46:27.59Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:27.59Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
13/2/2020 - 1:46:27.59Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
13/2/2020 - 1:46:27.59Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
13/2/2020 - 1:46:27.59Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
13/2/2020 - 1:46:27.59Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
13/2/2020 - 1:46:27.59Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
13/2/2020 - 1:46:27.59Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
13/2/2020 - 1:46:27.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:27.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:27.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:27.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:27.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en.nlp
13/2/2020 - 1:46:27.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
13/2/2020 - 1:46:27.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:27.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:27.293Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:27.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.293Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:27.512Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:27.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.512Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.512Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.512Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
13/2/2020 - 1:46:27.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:27.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:27.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:27.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
13/2/2020 - 1:46:27.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:27.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:27.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:27.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:27.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:27.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:27.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:27.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:27.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:27.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:27.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:27.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:27.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:27.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:27.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:27.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:27.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:27.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:27.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:27.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:27.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:27.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:27.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:27.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:27.950Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:27.997Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:28.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:28.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:28.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:28.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:28.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:28.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.950Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:28.997Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:29.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:29.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:29.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:29.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:29.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:29.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:29.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:29.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:29.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:29.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:29.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:29.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:29.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:29.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:29.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:29.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:29.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:29.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:29.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:29.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:29.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:29.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:30.12Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:30.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:30.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:30.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:30.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:30.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:30.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.434Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.528Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.575Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
13/2/2020 - 1:46:30.950Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
13/2/2020 - 1:46:30.950Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:30.997Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:31.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:31.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:31.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:31.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:31.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:31.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:31.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:31.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:31.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:31.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:31.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:31.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:31.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:31.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation.resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:31.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:31.606Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:31.606Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.653Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.653Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.887Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.934Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:31.934Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:31.934Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.934Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.934Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.934Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.934Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.934Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:31.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:32.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:32.75Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\shfolder.dll
13/2/2020 - 1:46:32.75Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
13/2/2020 - 1:46:32.75Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
13/2/2020 - 1:46:32.309Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
13/2/2020 - 1:46:32.309Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
13/2/2020 - 1:46:32.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:32.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:32.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:32.450Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:32.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:46:32.497Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:46:32.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
13/2/2020 - 1:46:32.543Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
13/2/2020 - 1:46:32.543Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
13/2/2020 - 1:46:32.590Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:32.590Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:32.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:32.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:32.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:32.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:32.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:32.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:32.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:32.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.12Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
13/2/2020 - 1:46:33.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
13/2/2020 - 1:46:33.340Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:33.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:33.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.497Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.543Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.590Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:33.965Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:33.965Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
13/2/2020 - 1:46:33.965Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
13/2/2020 - 1:46:34.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:34.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:34.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:35.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:35.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:35.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:35.887Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:35.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:35.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:36.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:36.75Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:36.122Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:36.168Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:36.215Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:36.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:36.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:36.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:36.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:36.450Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
13/2/2020 - 1:46:36.497Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:36.543Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:36.590Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:36.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:36.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:36.747Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:46:36.747Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
13/2/2020 - 1:46:36.747Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
13/2/2020 - 1:46:36.793Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
13/2/2020 - 1:46:36.793Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
13/2/2020 - 1:46:36.840Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
13/2/2020 - 1:46:36.840Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
13/2/2020 - 1:46:36.887Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
13/2/2020 - 1:46:36.887Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
13/2/2020 - 1:46:36.887Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:36.887Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
13/2/2020 - 1:46:36.887Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
13/2/2020 - 1:46:36.887Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
13/2/2020 - 1:46:36.934Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:36.934Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
13/2/2020 - 1:46:36.981Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:36.981Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.28Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.28Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
13/2/2020 - 1:46:37.28Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
13/2/2020 - 1:46:37.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:37.75Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
13/2/2020 - 1:46:37.75Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
13/2/2020 - 1:46:37.75Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
13/2/2020 - 1:46:37.75Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
13/2/2020 - 1:46:37.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:37.137Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
13/2/2020 - 1:46:37.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
13/2/2020 - 1:46:37.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
13/2/2020 - 1:46:37.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:37.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
13/2/2020 - 1:46:37.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
13/2/2020 - 1:46:37.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
13/2/2020 - 1:46:37.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
13/2/2020 - 1:46:37.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
13/2/2020 - 1:46:37.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
13/2/2020 - 1:46:37.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
13/2/2020 - 1:46:37.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
13/2/2020 - 1:46:37.231Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
13/2/2020 - 1:46:37.231Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
13/2/2020 - 1:46:37.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:37.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:37.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:37.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:37.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:37.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:37.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:37.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:37.668Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
13/2/2020 - 1:46:37.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
13/2/2020 - 1:46:37.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
13/2/2020 - 1:46:37.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
13/2/2020 - 1:46:37.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
13/2/2020 - 1:46:37.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
13/2/2020 - 1:46:37.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
13/2/2020 - 1:46:37.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
13/2/2020 - 1:46:37.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
13/2/2020 - 1:46:37.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
13/2/2020 - 1:46:37.668Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
13/2/2020 - 1:46:37.668Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
13/2/2020 - 1:46:37.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
13/2/2020 - 1:46:37.684Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
13/2/2020 - 1:46:37.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
13/2/2020 - 1:46:37.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
13/2/2020 - 1:46:37.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
13/2/2020 - 1:46:37.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
13/2/2020 - 1:46:37.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
13/2/2020 - 1:46:37.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
13/2/2020 - 1:46:37.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
13/2/2020 - 1:46:37.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
13/2/2020 - 1:46:37.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
13/2/2020 - 1:46:37.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
13/2/2020 - 1:46:37.684Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
13/2/2020 - 1:46:37.684Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
13/2/2020 - 1:46:37.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:37.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
13/2/2020 - 1:46:37.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:37.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
13/2/2020 - 1:46:37.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
13/2/2020 - 1:46:37.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
13/2/2020 - 1:46:37.747Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
13/2/2020 - 1:46:37.747Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
13/2/2020 - 1:46:37.747Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.762Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
13/2/2020 - 1:46:37.762Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
13/2/2020 - 1:46:37.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:37.793Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.793Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
13/2/2020 - 1:46:37.809Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.809Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.809Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
13/2/2020 - 1:46:37.809Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
13/2/2020 - 1:46:37.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
13/2/2020 - 1:46:37.809Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
13/2/2020 - 1:46:37.809Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
13/2/2020 - 1:46:37.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:37.825Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
13/2/2020 - 1:46:37.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:37.840Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Management.resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:37.840Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:37.840Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:37.840Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.840Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.840Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.840Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:37.840Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:37.840Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.840Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.856Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.856Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
13/2/2020 - 1:46:37.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:37.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:37.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:37.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:37.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:37.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:37.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:37.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:37.981Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\secur32.dll
13/2/2020 - 1:46:37.981Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\secur32.dll
13/2/2020 - 1:46:37.981Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
13/2/2020 - 1:46:37.981Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
13/2/2020 - 1:46:37.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:38.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:38.75Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:38.122Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:38.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:38.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:38.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:38.684Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:46:38.684Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
13/2/2020 - 1:46:38.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:38.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:38.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:38.684Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:38.684Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:38.684Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:38.684Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:38.684Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:38.684Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:38.684Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:38.684Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:38.684Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:38.684Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:38.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
13/2/2020 - 1:46:38.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:38.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:46:38.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.Security.resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:38.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:38.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:38.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
13/2/2020 - 1:46:38.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
13/2/2020 - 1:46:38.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
13/2/2020 - 1:46:38.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
13/2/2020 - 1:46:38.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
13/2/2020 - 1:46:38.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
13/2/2020 - 1:46:38.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:38.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:46:38.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
13/2/2020 - 1:46:38.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
13/2/2020 - 1:46:38.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
13/2/2020 - 1:46:38.872Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
13/2/2020 - 1:46:38.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
13/2/2020 - 1:46:38.872Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
13/2/2020 - 1:46:39.28Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.28Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.28Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.28Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.43Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:39.43Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:39.43Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:39.43Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:46:39.43Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.43Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.43Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.43Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.43Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.43Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.43Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.43Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:39.90Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.90Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:46:39.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:39.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:39.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:39.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:39.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:39.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
13/2/2020 - 1:46:39.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:39.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:39.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:39.497Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
13/2/2020 - 1:46:39.653Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:39.653Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
13/2/2020 - 1:46:39.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:39.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:39.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:39.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:39.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:39.887Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:39.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:39.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.75Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.122Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.168Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.215Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.450Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.497Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.543Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
13/2/2020 - 1:46:40.590Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
13/2/2020 - 1:46:40.590Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.637Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.684Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.778Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:40.825Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
13/2/2020 - 1:46:40.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:40.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:40.965Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.12Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.59Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.200Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
13/2/2020 - 1:46:41.200Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
13/2/2020 - 1:46:41.200Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.200Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
13/2/2020 - 1:46:41.200Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.247Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
13/2/2020 - 1:46:41.247Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.247Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
13/2/2020 - 1:46:41.247Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:41.247Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:41.247Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.247Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:41.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:41.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:41.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:41.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:41.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.887Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:41.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:42.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:42.75Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:42.122Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:42.168Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:42.231Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1
13/2/2020 - 1:46:42.231Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1
13/2/2020 - 1:46:42.231Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\profile.ps1
13/2/2020 - 1:46:42.231Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
13/2/2020 - 1:46:42.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:42.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:42.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:42.528Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:42.653Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en-us.nlp
13/2/2020 - 1:46:42.653Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
13/2/2020 - 1:46:42.653Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
13/2/2020 - 1:46:42.747Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
13/2/2020 - 1:46:42.747Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
13/2/2020 - 1:46:42.840Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:46:42.840Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
13/2/2020 - 1:46:42.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:46:42.887Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:46:42.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:46:42.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:46:43.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:46:43.75Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
13/2/2020 - 1:46:43.75Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
13/2/2020 - 1:46:43.75Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
13/2/2020 - 1:46:43.75Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
13/2/2020 - 1:46:43.75Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:46:43.75Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
13/2/2020 - 1:46:43.75Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:46:43.75Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:46:43.75Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:46:43.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:43.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:43.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:43.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:43.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:43.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:43.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:43.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:43.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:43.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:43.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:43.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:43.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:43.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:43.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:43.950Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:43.997Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:44.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:44.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:46:44.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:44.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:44.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
13/2/2020 - 1:46:44.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:44.418Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep
13/2/2020 - 1:46:44.418Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep
13/2/2020 - 1:46:44.418Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep
13/2/2020 - 1:46:44.418Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep
13/2/2020 - 1:46:44.418Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep
13/2/2020 - 1:46:44.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:44.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:44.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:44.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:44.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:44.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
13/2/2020 - 1:46:44.997Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:45.43Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep
13/2/2020 - 1:46:45.43Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep
13/2/2020 - 1:46:45.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:45.168Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.215Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:45.215Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:45.215Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
13/2/2020 - 1:46:45.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.293Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.528Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.575Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:45.950Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
13/2/2020 - 1:46:45.997Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:45.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
13/2/2020 - 1:46:45.997Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.43Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.90Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.137Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.184Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.231Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.278Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.325Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
13/2/2020 - 1:46:46.325Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
13/2/2020 - 1:46:46.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.418Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.465Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.559Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.606Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.653Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.700Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.747Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.793Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.840Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.887Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.934Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
13/2/2020 - 1:46:46.934Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:46.934Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
13/2/2020 - 1:46:46.934Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:46.934Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
13/2/2020 - 1:46:46.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:46.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:46.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:46.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:46.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:46.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:46.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:46.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
13/2/2020 - 1:46:46.934Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:46.981Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
13/2/2020 - 1:46:46.981Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
13/2/2020 - 1:46:46.981Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:47.28Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:47.75Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:47.122Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep\vNmJP.zip
13/2/2020 - 1:46:47.122Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:47.168Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:47.215Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:47.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:47.309Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:47.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\rasapi32.dll
13/2/2020 - 1:46:47.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\rasapi32.dll
13/2/2020 - 1:46:47.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rasapi32.dll
13/2/2020 - 1:46:47.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rasapi32.dll
13/2/2020 - 1:46:47.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\rasman.dll
13/2/2020 - 1:46:47.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rasman.dll
13/2/2020 - 1:46:47.637Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rasman.dll
13/2/2020 - 1:46:48.12Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\rtutils.dll
13/2/2020 - 1:46:48.12Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rtutils.dll
13/2/2020 - 1:46:48.59Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rtutils.dll
13/2/2020 - 1:46:48.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
13/2/2020 - 1:46:48.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mswsock.dll
13/2/2020 - 1:46:48.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mswsock.dll
13/2/2020 - 1:46:48.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
13/2/2020 - 1:46:48.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
13/2/2020 - 1:46:48.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wship6.dll
13/2/2020 - 1:46:48.387Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wship6.dll
13/2/2020 - 1:46:48.387Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
13/2/2020 - 1:46:48.434Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.528Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.575Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.622Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.668Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.856Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:48.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:48.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:48.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:46:48.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.903Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\winhttp.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\winhttp.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\winhttp.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\winhttp.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\webio.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\webio.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\webio.dll
13/2/2020 - 1:46:48.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\credssp.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\credssp.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\credssp.dll
13/2/2020 - 1:46:48.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.918Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\IPHLPAPI.DLL
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WINNSI.DLL
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\winnsi.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\winnsi.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\dhcpcsvc6.DLL
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
13/2/2020 - 1:46:48.918Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
13/2/2020 - 1:46:48.918Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
13/2/2020 - 1:46:48.918Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
13/2/2020 - 1:46:48.981Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\dhcpcsvc.DLL
13/2/2020 - 1:46:48.981Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\dhcpcsvc.dll
13/2/2020 - 1:46:48.981Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\dhcpcsvc.dll
13/2/2020 - 1:46:49.122Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:49.168Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll
13/2/2020 - 1:46:49.215Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:46:49.262Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.325Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
13/2/2020 - 1:47:10.325Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
13/2/2020 - 1:47:10.325Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
13/2/2020 - 1:47:10.325Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
13/2/2020 - 1:47:10.325Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
13/2/2020 - 1:47:10.325Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
13/2/2020 - 1:47:10.325Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
13/2/2020 - 1:47:10.325Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
13/2/2020 - 1:47:10.325Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
13/2/2020 - 1:47:10.325Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
13/2/2020 - 1:47:10.325Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
13/2/2020 - 1:47:10.325Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
13/2/2020 - 1:47:10.325Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
13/2/2020 - 1:47:10.325Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.325Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.325Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep\vNmJP.zip
13/2/2020 - 1:47:10.325Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\Files\DeletedFiles
13/2/2020 - 1:47:10.325Delete2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep\vNmJP.zip
13/2/2020 - 1:47:10.325Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep\vNmJP.zip
13/2/2020 - 1:47:10.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:47:10.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
13/2/2020 - 1:47:10.340Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
13/2/2020 - 1:47:10.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
13/2/2020 - 1:47:10.340Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
13/2/2020 - 1:47:10.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:47:10.340Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:47:10.340Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13/2/2020 - 1:47:10.340Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
13/2/2020 - 1:47:10.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
13/2/2020 - 1:47:10.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\symbols\dll\System.Management.Automation.pdb
13/2/2020 - 1:47:10.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\dll\System.Management.Automation.pdb
13/2/2020 - 1:47:10.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System.Management.Automation.pdb
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
13/2/2020 - 1:47:10.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb
13/2/2020 - 1:47:10.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\symbols\dll\System.pdb
13/2/2020 - 1:47:10.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\dll\System.pdb
13/2/2020 - 1:47:10.356Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System.pdb
13/2/2020 - 1:47:10.356Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.372Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:10.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
13/2/2020 - 1:47:10.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:47:10.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
13/2/2020 - 1:47:10.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\sxs.dll
13/2/2020 - 1:47:10.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sxs.dll
13/2/2020 - 1:47:10.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sxs.dll
13/2/2020 - 1:47:10.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\RpcRtRemote.dll
13/2/2020 - 1:47:10.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\RpcRtRemote.dll
13/2/2020 - 1:47:10.575Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
13/2/2020 - 1:47:10.575Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\RpcRtRemote.dll
13/2/2020 - 1:47:10.575Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
13/2/2020 - 1:47:10.762Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.762Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
13/2/2020 - 1:47:10.809Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:47:10.872Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:47:10.887Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:47:10.887Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:47:10.887Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:47:10.887Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:47:10.887Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep
13/2/2020 - 1:47:10.887Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep
13/2/2020 - 1:47:10.887Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep\vNmJP.zip
13/2/2020 - 1:47:10.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep\file1.tmp
13/2/2020 - 1:47:10.997Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep\file1.tmp
13/2/2020 - 1:47:11.59Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:47:11.59Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:47:11.106Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:47:11.106Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.106Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dllMicrosoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.106Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.106Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dllMicrosoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.153Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dllMicrosoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.200Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dllMicrosoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.247Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dllMicrosoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:47:11.293Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:47:11.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.293Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dllMicrosoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.293Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.293Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dllMicrosoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.293Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dllMicrosoft.PowerShell.Commands.Management.Resources.dll
13/2/2020 - 1:47:11.372Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep\file2.tmp
13/2/2020 - 1:47:11.372Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep\file2.tmp
13/2/2020 - 1:47:11.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:47:11.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:47:11.403Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:47:11.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dllMicrosoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dllMicrosoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dllMicrosoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dllMicrosoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dllMicrosoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dllMicrosoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:47:11.403Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
13/2/2020 - 1:47:11.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dllMicrosoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dllMicrosoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.403Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dllMicrosoft.PowerShell.Commands.Utility.Resources.dll
13/2/2020 - 1:47:11.418Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\LogPRO
13/2/2020 - 1:47:11.418Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\LogPRO
13/2/2020 - 1:47:11.418Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\LogPRO
13/2/2020 - 1:47:11.418Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\LogPRO
13/2/2020 - 1:47:11.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mpr.dll
13/2/2020 - 1:47:11.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mpr.dll
13/2/2020 - 1:47:11.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\scrrun.dll
13/2/2020 - 1:47:11.434Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\scrrun.dll
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wshom.ocx
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vNmJP.lnk
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vNmJP.lnk\desktop.ini
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vNmJP.lnk\desktop.ini
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:47:11.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep
13/2/2020 - 1:47:11.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep\vNmJP.exe
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:47:11.481Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep\vNmJP.exe
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vNmJP.lnk
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\SysxGVep\vNmJP.exe
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vNmJP.lnk
13/2/2020 - 1:47:11.481Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vNmJP.lnk
13/2/2020 - 1:47:11.497Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vNmJP.lnk
13/2/2020 - 1:47:11.512Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.512Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\%SystemRoot%\system32\WindowsPowerShell\v1.0\
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.559Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.559Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.559Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.559Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.559Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.559Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\shell32.dll
13/2/2020 - 1:47:11.622Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:47:11.715Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.715Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:47:11.715Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:47:11.715Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.715Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.715Unknown2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.715Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.715Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ui\SwDRM.dll
13/2/2020 - 1:47:11.731Read2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
13/2/2020 - 1:47:11.731Open2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
13/2/2020 - 1:47:11.778Read1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
13/2/2020 - 1:47:11.778Read1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
13/2/2020 - 1:47:11.778Read1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.778Read1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
13/2/2020 - 1:47:11.778Read1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
13/2/2020 - 1:47:11.778Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
13/2/2020 - 1:47:11.778Read1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
13/2/2020 - 1:47:11.778Read1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
13/2/2020 - 1:47:11.778Read1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
13/2/2020 - 1:47:11.778Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Windows
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Monitor
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Monitor
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Monitor
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\Monitor
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\Monitor
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\SysxGVep
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\SysxGVep
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\SysxGVep
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\SysxGVep
13/2/2020 - 1:47:11.793Open1096C:\Windows\SysWOW64\cmd.exeC:\SysxGVep
13/2/2020 - 1:47:11.793Unknown1096C:\Windows\SysWOW64\cmd.exeC:\SysxGVep

Process
Trace
13/2/2020 - 1:45:58.106Create1480C:\malware.exe2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
13/2/2020 - 1:47:11.715Create2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe1096C:\Windows\SysWOW64\cmd.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
13/2/2020 - 1:45:57.887Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
13/2/2020 - 1:45:57.887Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
13/2/2020 - 1:45:57.887Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
13/2/2020 - 1:45:57.887Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
13/2/2020 - 1:45:57.887Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
13/2/2020 - 1:45:57.887Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
13/2/2020 - 1:45:57.887Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
13/2/2020 - 1:45:57.887Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.465Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.481Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.590Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.590Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.590Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.590Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.590Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.590Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.590Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.590Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.590Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.606Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.606Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.606Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.606Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.606Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.637Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:45:58.637Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
13/2/2020 - 1:46:48.340Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32EnableFileTracing
13/2/2020 - 1:46:48.340Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32EnableConsoleTracing
13/2/2020 - 1:46:48.340Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32FileTracingMask
13/2/2020 - 1:46:48.340Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32ConsoleTracingMask
13/2/2020 - 1:46:48.340Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32MaxFileSize
13/2/2020 - 1:46:48.340Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32FileDirectory
13/2/2020 - 1:46:48.903Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCSEnableFileTracing
13/2/2020 - 1:46:48.903Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCSEnableConsoleTracing
13/2/2020 - 1:46:48.903Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCSFileTracingMask
13/2/2020 - 1:46:48.903Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCSConsoleTracingMask
13/2/2020 - 1:46:48.903Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCSMaxFileSize
13/2/2020 - 1:46:48.903Write2412C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCSFileDirectory

File Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Process Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: True check_circle

Loading...

DNS
Query
computer localhost arrow_forward computer gateway:50273 code dns.msftncsi.com.
computer localhost arrow_forward computer gateway:DNS code dns.msftncsi.com.

Response
computer gateway:DNS arrow_forward computer localhost code dns.msftncsi.com. reply_all 131.107.255.255


TCP
Info
computer localhost:65191 arrow_forward 45.32.121.105:80

UDP
Info
computer localhost:50273 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50273

HTTP
Info

Summary
DNS
True check_circle

TCP
True check_circle

UDP
True check_circle

HTTP
False cancel

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 96.86%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 67.83%
suspicious: False cancel

Random Forest (100 estimators, NFS-BRMalware)
confidence: 71.00%
suspicious: False cancel

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 42.59%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.98%
suspicious: False cancel

Back
Add to Collection
Download