Report #672 check_circle

  • Creation Date: Oct. 19, 2019, 2:19 a.m.
  • Last Update: Oct. 19, 2019, 4 a.m.
  • File: 019
  • Results:
Binary
DLL
False cancel
Size
2.39MB
trid
33.2% InstallShield setup
32.1% Win32 EXE PECompact compressed
21.3% Win64 Executable
5.0% Win32 Dynamic Link Library
3.4% Win32 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
2265e0c9b363b6f786b69d8e3d40398f
sha1
357fdeaf0a5d7f2fd6cf1bec78d02221ea9baa55
crc32
0x86469576
sha224
82b5e5178d6abeb03d0f023c7666a300c150b8238c1f82e200239c8e
sha256
facb2ea67d567273f6877a6d2f4c0a63ea5fa0ee2d9237f73a51bc6c8ffc8451
sha384
630a2600d628371c721a0edd70c428cc0fd0aada14722d5650f4c2726417a80d1d82c1b41f5d3d22fb162ce3fa7e92a9
sha512
c02bdbc328d079d190d851c6b9ea0ba7eb6d4c050692e71448280ac37d5ed4358d0cb88de9fbe3c1fa049946a33c25586dd6a8677297f225856e7f4dd1166573
ssdeep
49152:rMj5GbS+gxr/nIiYWMf9dQnPoY20k0XgBq/bPEUpPhOZy+hz7FFUj9SD+swIOTKC:rIru5jKNOj+7
Community
Google
True check_circle
HashLib
False cancel
YARA
Matches
IP, win_private_profile, Dropper_Strings, Intel_Virtualization_Wizard_exe, BASE64_table, escalate_priv, DebuggerException__SetConsoleCtrl, spreading_share, create_service, antisb_threatExpert, network_dns, cred_local, network_http, win_files_operation, IsPE32, win_hook, disable_dep, MinGW_1, contentis_base64, network_tcp_socket, SEH__vectored, screenshot, win_token, win_mutex, keylogger, DebuggerCheck__GlobalFlags, Misc_Suspicious_Strings, spyeye, migrate_apc, IsWindowsGUI, Big_Numbers5, DebuggerHiding__Thread, network_udp_sock, anti_dbg, network_tcp_listen, DebuggerCheck__QueryInfo, url, android_meterpreter, win_registry, Typical_Malware_String_Transforms, HasOverlay, network_dga, Advapi_Hash_API, Check_Dlls, System_Tools, create_com_service, powershell, Big_Numbers0

Suspicious
True check_circle

Strings
List
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>
</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
qhttp://ns.adobe.com/xap/1.0/
qhttp://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/1.1/">
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>

Foremost
Matches
0.exe, 372 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: ADVAPI32.dll, msvcrt.dll, KERNEL32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 308224
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 1337
Suspicious: False cancel
Pointer
Pointer: 381440
Suspicious: False cancel
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 437597
Suspicous: False cancel

Sections
Allowed: .text, .data, .rdata, .bss, .idata, .crt, .tls, .rsrc, /4, /19, /31, /45, /57, /70, /81, /92
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: False cancel
Suspicious: 4
Linker
Version: 2.24
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 5312
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: advapi32.dll, msvcrt.dll, kernel32.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2018-09-05 04:55:39
Future: False cancel

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: True check_circle
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.data: 125
.rsrc: 21
.debug_info: 2
.debug_frame: 1

nopsequence
.text: 30

pushpopmath
.data: 66
.rsrc: 3
.debug_info: 3
.debug_frame: 1

ss register
.data: 3

garbagebytes
.data: 41
.debug_frame: 1

hookdetection
.data: 3

software breakpoint
.data: 4

fakeconditionaljumps
.data: 1

programcontrolflowchange
.data: 40
.debug_frame: 1

cpuinstructionsresultscomparison
.rsrc: 51
.debug_info: 10
.debug_abbrev: 12

AVclass
trickbot
1
VirusTotal
md5
2265e0c9b363b6f786b69d8e3d40398f
sha1
357fdeaf0a5d7f2fd6cf1bec78d02221ea9baa55
SCANS
AVG
result: Win32:Malware-gen
update: 20190906
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=87)
update: 20190906
version: 2018.9.12.1
detected: True check_circle

APEX
result: Malicious
update: 20190906
version: 5.60
detected: True check_circle

Bkav
update: 20190903
version: 1.3.0.10239
detected: False cancel

K7GW
result: Trojan ( 005360611 )
update: 20190906
version: 11.65.31928
detected: True check_circle

ALYac
result: Trojan.GenericKD.40451970
update: 20190906
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Malware-gen
update: 20190906
version: 18.4.3895.0
detected: True check_circle

Avira
result: TR/Crypt.ZPACK.Gen
update: 20190906
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/Trojan.IGLP-0730
update: 20190906
version: 6.2.0.1
detected: True check_circle

DrWeb
update: 20190906
version: 7.0.41.7240
detected: False cancel

GData
result: Trojan.GenericKD.40451970
update: 20190906
version: A:25.23285B:26.15960
detected: True check_circle

Panda
update: 20190905
version: 4.6.4.2
detected: False cancel

VBA32
result: BScope.Trojan.MereTam
update: 20190905
version: 4.0.0
detected: True check_circle

Zoner
update: 20190906
version: 1.0.0.1
detected: False cancel

ClamAV
result: Win.Packer.Trickbot-6683856-3
update: 20190905
version: 0.101.4.0
detected: True check_circle

Comodo
update: 20190906
version: 31432
detected: False cancel

F-Prot
result: W32/Trojan3.AMYN
update: 20190906
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Trojan-Banker.TrickBot
update: 20190905
version: 0.1.5.2
detected: True check_circle

McAfee
result: Trojan-FQDW!2265E0C9B363
update: 20190906
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.Generic@ML.100 (RDMK:tIh74jiSDFRE8bz+jSk4Vg)
update: 20190906
version: 25.0.0.24
detected: True check_circle

Sophos
result: Troj/Kryptik-IV
update: 20190906
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.Inject!q3DV184FrVI
update: 20190822
version: 5.5.2.24
detected: True check_circle

Zillya
result: Trojan.Inject.Win32.249618
update: 20190905
version: 2.0.0.3894
detected: True check_circle

Acronis
result: suspicious
update: 20190904
version: 1.1.1.56
detected: True check_circle

Alibaba
result: Trojan:Win32/TrickBot.1fe49936
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Generic.D2693F82
update: 20190906
version: 1.0.0.856
detected: True check_circle

Cylance
result: Unsafe
update: 20190906
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20190819
version: 3.0.14
detected: True check_circle

FireEye
result: Generic.mg.2265e0c9b363b6f7
update: 20190906
version: 29.7.0.0
detected: True check_circle

TACHYON
update: 20190906
version: 2019-09-06.01
detected: False cancel

Tencent
update: 20190906
version: 1.0.0.1
detected: False cancel

ViRobot
result: Trojan.Win32.Inject.410598
update: 20190905
version: 2014.3.20.0
detected: True check_circle

Webroot
result: W32.Trojan.Gen
update: 20190906
version: 1.0.0.403
detected: True check_circle

eGambit
result: Trojan.Generic
update: 20190906
version: v5.0.5
detected: True check_circle

Ad-Aware
result: Trojan.GenericKD.40451970
update: 20190906
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.Win32.Generic.4!c
update: 20190906
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.TrickBot (A)
update: 20190906
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/Crypt.ZPACK.Gen
update: 20190905
version: 12.0.86.52
detected: True check_circle

Fortinet
result: W32/Kryptik.GKOV!tr
update: 20190906
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20190904
version: 6.3.6.26157
detected: True check_circle

Jiangmin
result: Trojan.Banker.Trickster.be
update: 20190906
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20190906
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20190906
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Trickybot
update: 20190906
version: 1.10.0.0
detected: True check_circle

Trapmine
update: 20190826
version: 3.1.81.800
detected: False cancel

AhnLab-V3
result: Malware/Win32.Generic.C2696653
update: 20190906
version: 3.16.1.25089
detected: True check_circle

Antiy-AVL
result: Trojan/Win32.TrickBot
update: 20190906
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Trojan.Win32.Generic
update: 20190906
version: 15.0.1.13
detected: True check_circle

Microsoft
result: Trojan:Win32/TrickBot.I
update: 20190906
version: 1.1.16300.1
detected: True check_circle

Qihoo-360
result: HEUR/QVM20.1.B2C7.Malware.Gen
update: 20190906
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: HEUR:Trojan.Win32.Generic
update: 20190906
version: 1.0
detected: True check_circle

Cybereason
result: malicious.9b363b
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: Win32/TrickBot.AX
update: 20190906
version: 19974
detected: True check_circle

TrendMicro
update: 20190906
version: 11.0.0.1006
detected: False cancel

BitDefender
result: Trojan.GenericKD.40451970
update: 20190906
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_90% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 005360611 )
update: 20190906
version: 11.65.31928
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20190807
version: 1.0.31.22
detected: True check_circle

Avast-Mobile
update: 20190905
version: 190905-02
detected: False cancel

Malwarebytes
result: Trojan.TrickBot
update: 20190906
version: 2.1.1.1115
detected: True check_circle

TotalDefense
update: 20190905
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Trojan.Generic
update: 20190905
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.GenKryptik.fhhgyc
update: 20190906
version: 1.0.134.24859
detected: True check_circle

MicroWorld-eScan
result: Trojan.GenericKD.40451970
update: 20190906
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20190830
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.VTFlooder.vh
update: 20190906
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
update: 20190906
version: 10.0.0.1040
detected: False cancel

total
69
sha256
facb2ea67d567273f6877a6d2f4c0a63ea5fa0ee2d9237f73a51bc6c8ffc8451
scan_id
facb2ea67d567273f6877a6d2f4c0a63ea5fa0ee2d9237f73a51bc6c8ffc8451-1567748898
resource
2265e0c9b363b6f786b69d8e3d40398f
positives
53
scan_date
2019-09-06 05:48:18
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.715Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\
19/10/2019 - 3:45:43.715Unknown1480C:\malware.exeC:\
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows
19/10/2019 - 3:45:43.715Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.715Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.715Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.715Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.715Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.715Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.715Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.715Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\
19/10/2019 - 3:45:43.715Unknown1480C:\malware.exeC:\
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows
19/10/2019 - 3:45:43.715Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.715Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.715Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.731Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.731Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.747Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:43.747Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.747Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.762Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.762Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.762Unknown1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.762Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:43.762Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.762Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.762Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.762Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.762Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.762Open2136C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:43.762Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:43.762Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.762Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.762Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.762Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.762Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.762Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.762Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.762Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.762Open1480C:\malware.exeC:\
19/10/2019 - 3:45:43.762Unknown1480C:\malware.exeC:\
19/10/2019 - 3:45:43.778Open1480C:\malware.exeC:\Windows
19/10/2019 - 3:45:43.778Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 3:45:43.778Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.778Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.778Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:43.778Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.778Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.778Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.778Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.778Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.778Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.778Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.778Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:43.778Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.778Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.778Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:43.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:43.793Open1480C:\malware.exeC:\FAQ
19/10/2019 - 3:45:43.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd
19/10/2019 - 3:45:43.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd
19/10/2019 - 3:45:43.793Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 3:45:43.793Unknown1480C:\malware.exeC:\malware.exe
19/10/2019 - 3:45:43.793Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 3:45:43.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd
19/10/2019 - 3:45:43.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd
19/10/2019 - 3:45:43.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.809Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.825Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\Users
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users\Behemot
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\Users\Behemot
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\ui\SwDRM.dll
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.840Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exe
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.950Read1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.950Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.965Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.965Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.965Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.965Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.965Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.981Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\Prefetch\MALWASE.EXE-A6F6E6AE.pf
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows
19/10/2019 - 3:45:43.997Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\vsmcrd
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\CRYPTSP.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:43.997Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.12Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.12Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.12Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:44.12Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.12Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.12Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
19/10/2019 - 3:45:44.12Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
19/10/2019 - 3:45:44.12Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
19/10/2019 - 3:45:44.12Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
19/10/2019 - 3:45:44.12Read344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
19/10/2019 - 3:45:44.43Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
19/10/2019 - 3:45:44.43Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.43Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
19/10/2019 - 3:45:44.43Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
19/10/2019 - 3:45:44.43Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
19/10/2019 - 3:45:44.43Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
19/10/2019 - 3:45:44.43Write344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
19/10/2019 - 3:45:44.43Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
19/10/2019 - 3:45:44.75Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.75Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.75Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.75Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.75Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.75Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.90Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.90Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.90Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.90Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.90Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.90Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.90Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.90Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.90Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.90Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\
19/10/2019 - 3:45:44.90Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\
19/10/2019 - 3:45:44.90Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows
19/10/2019 - 3:45:44.90Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows
19/10/2019 - 3:45:44.90Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.90Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.90Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.90Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.90Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.90Read344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.106Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:44.106Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.106Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.106Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.106Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.106Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.106Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.106Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.106Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.106Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\
19/10/2019 - 3:45:44.106Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\
19/10/2019 - 3:45:44.106Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows
19/10/2019 - 3:45:44.106Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows
19/10/2019 - 3:45:44.106Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.106Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.106Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.106Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.106Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.106Read344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.106Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:44.122Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.122Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.122Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.122Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.122Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.122Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.122Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.122Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.122Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\
19/10/2019 - 3:45:44.122Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\
19/10/2019 - 3:45:44.122Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows
19/10/2019 - 3:45:44.122Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows
19/10/2019 - 3:45:44.122Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.122Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.122Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.122Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.122Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.122Read344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.122Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:44.184Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:44.184Read652C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:44.184Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:44.184Open652C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:44.184Open652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.184Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.184Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.184Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:44.184Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:44.184Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:44.184Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:44.184Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:44.184Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:44.184Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:44.184Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:44.184Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:44.184Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:44.184Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:44.184Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:44.184Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.184Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.200Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.200Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:44.231Read2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:44.231Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:44.231Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.247Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.247Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:44.247Read2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:44.247Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:44.247Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.262Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.262Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.262Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.262Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.262Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32
19/10/2019 - 3:45:44.262Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32
19/10/2019 - 3:45:44.262Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32\svchost.exe
19/10/2019 - 3:45:44.262Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32\svchost.exe
19/10/2019 - 3:45:44.262Open344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32\svchost.exe
19/10/2019 - 3:45:44.262Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows\System32\svchost.exe
19/10/2019 - 3:45:44.387Open1692C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SVCHOST.EXE-3AFE2219.pf
19/10/2019 - 3:45:44.387Open1692C:\Windows\System32\svchost.exeC:\Windows\System32
19/10/2019 - 3:45:44.387Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\sechost.dll
19/10/2019 - 3:45:44.387Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\sechost.dll
19/10/2019 - 3:45:44.418Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 3:45:44.418Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 3:45:44.418Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 3:45:44.418Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 3:45:44.418Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 3:45:44.418Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 3:45:44.434Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\winhttp.dll
19/10/2019 - 3:45:44.434Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\winhttp.dll
19/10/2019 - 3:45:44.434Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\webio.dll
19/10/2019 - 3:45:44.434Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\webio.dll
19/10/2019 - 3:45:44.434Open1692C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\IPHLPAPI.dll
19/10/2019 - 3:45:44.434Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\IPHLPAPI.DLL
19/10/2019 - 3:45:44.434Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\IPHLPAPI.DLL
19/10/2019 - 3:45:44.434Open1692C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\vsmcrd\WINNSI.DLL
19/10/2019 - 3:45:44.434Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\winnsi.dll
19/10/2019 - 3:45:44.434Open1692C:\Windows\System32\svchost.exeC:\Windows\System32\winnsi.dll
19/10/2019 - 3:45:44.434Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.434Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.434Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.434Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.434Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.434Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.434Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.434Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.450Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.450Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.450Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Open2136C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.450Unknown2136C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.450Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.450Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.450Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.450Unknown1488C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.450Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.450Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Open2476C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.450Unknown2476C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.450Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.450Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.450Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.450Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.465Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:44.465Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.465Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.465Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:44.465Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.465Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.465Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:44.481Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.481Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.497Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.497Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.497Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.497Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.497Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.497Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.497Open1488C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.497Unknown1488C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.497Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.497Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.497Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.497Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.497Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.497Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.497Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.497Read1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.497Read1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.497Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:44.497Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.512Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.512Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.512Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.512Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.512Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.512Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.512Open2136C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.512Unknown2136C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.512Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.512Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.512Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.512Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.512Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.512Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.512Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.512Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.512Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.512Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:44.512Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.528Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.528Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.528Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.528Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.528Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.528Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:44.528Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.528Open2476C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.528Unknown2476C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.528Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.528Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.528Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:44.528Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:44.528Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.528Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.528Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:44.528Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.528Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.528Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.528Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ui\SwDRM.dll
19/10/2019 - 3:45:44.575Open2488C:\Windows\SysWOW64\sc.exeC:\Windows\Prefetch\SC.EXE-1CF1DE92.pf
19/10/2019 - 3:45:44.575Open2488C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.575Open2488C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.575Open2488C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.575Open2488C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.575Open2488C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.575Open2488C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.575Open2488C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.575Open2488C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:44.575Open2488C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.575Unknown2488C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.575Open2488C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.575Open2600C:\Windows\SysWOW64\sc.exeC:\Windows\Prefetch\SC.EXE-1CF1DE92.pf
19/10/2019 - 3:45:44.575Open2600C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.575Open2600C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.575Open2600C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.575Open2600C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.575Open2600C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.575Open2600C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.575Open2600C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.575Open2600C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:44.575Open2600C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.575Unknown2600C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.575Open2600C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Prefetch\POWERSHELL.EXE-767FB1AE.pf
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.590Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.590Open2488C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.590Open2488C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.590Open2600C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.590Open2600C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.606Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATL.DLL
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\mscoree.dll
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
19/10/2019 - 3:45:44.606Read2488C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.606Open2488C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.mui
19/10/2019 - 3:45:44.622Read2488C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 3:45:44.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui
19/10/2019 - 3:45:44.668Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.muipowershell.exe.mui
19/10/2019 - 3:45:44.668Read2488C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 3:45:44.668Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 3:45:44.668Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 3:45:44.668Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:44.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.Manifest
19/10/2019 - 3:45:44.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:44.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 3:45:44.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 3:45:44.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:44.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:44.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:44.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 3:45:44.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:44.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 3:45:44.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:44.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\desktop.ini
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:44.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:44.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:44.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:44.715Open2600C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.mui
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.762Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.762Unknown652C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.762Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.762Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.762Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:44.778Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.778Unknown652C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.778Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.778Read652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.778Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:44.809Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.809Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.809Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.825Read2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:44.825Open2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:44.840Unknown2488C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.840Unknown2488C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.840Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.840Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:44.840Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.840Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.840Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.840Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.840Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.840Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.840Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.840Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.856Unknown2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:44.856Read2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.856Open2424C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ui\SwDRM.dll
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:44.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 3:45:44.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 3:45:44.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\apphelp.dll
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.887Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.887Unknown2600C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.887Unknown2600C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.887Unknown2600C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 3:45:44.887Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.887Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.887Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\Prefetch\SC.EXE-1CF1DE92.pf
19/10/2019 - 3:45:44.903Open3032C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.903Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.903Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.903Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.903Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.903Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.903Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.903Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:44.903Open3032C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.903Unknown3032C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.903Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.934Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\Prefetch\SC.EXE-1CF1DE92.pf
19/10/2019 - 3:45:44.934Open2168C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.934Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.934Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.934Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.934Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.934Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.934Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.934Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:44.934Open2168C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.934Unknown2168C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:44.934Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.934Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Prefetch\POWERSHELL.EXE-767FB1AE.pf
19/10/2019 - 3:45:44.934Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.934Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.934Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:44.934Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.934Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:44.934Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.934Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:44.934Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:44.934Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.934Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.934Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:44.950Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.965Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.965Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATL.DLL
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\mscoree.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
19/10/2019 - 3:45:44.965Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.965Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:44.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui
19/10/2019 - 3:45:44.981Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 3:45:44.981Open2168C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.mui
19/10/2019 - 3:45:44.981Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 3:45:44.981Open3032C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.mui
19/10/2019 - 3:45:44.981Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 3:45:44.981Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 3:45:44.981Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 3:45:44.981Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 3:45:45.43Unknown3032C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:45.43Unknown3032C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.43Unknown3032C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
19/10/2019 - 3:45:45.43Unknown3032C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 3:45:45.59Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Windows
19/10/2019 - 3:45:45.59Unknown344C:\Users\Behemot\AppData\Roaming\vsmcrd\malwase.exeC:\Users\Behemot\AppData\Roaming\vsmcrd
19/10/2019 - 3:45:45.59Unknown2168C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:45.59Unknown2168C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.59Unknown2168C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
19/10/2019 - 3:45:45.59Unknown2168C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 3:45:45.59Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:45.59Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:45.59Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.Manifest
19/10/2019 - 3:45:45.59Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:45.59Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 3:45:45.59Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 3:45:45.59Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:45.59Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:45.59Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 3:45:45.75Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:45.75Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 3:45:45.75Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:45.75Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\desktop.ini
19/10/2019 - 3:45:45.75Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:45.75Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:45.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:45.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:45.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:45.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:45.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:45.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 3:45:45.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 3:45:45.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 3:45:45.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\apphelp.dll
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:45.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:45.168Unknown2124C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.168Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.168Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:45.168Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.168Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.168Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.231Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.231Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.231Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.231Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.340Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.356Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:45.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:45.403Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:45.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:45.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:45.403Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:45.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 3:45:45.403Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 3:45:45.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 3:45:45.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 3:45:45.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 3:45:45.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
19/10/2019 - 3:45:45.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
19/10/2019 - 3:45:45.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
19/10/2019 - 3:45:45.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
19/10/2019 - 3:45:45.403Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:45.403Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:45.403Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:45.403Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:45.403Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 3:45:45.403Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 3:45:45.403Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 3:45:45.403Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 3:45:45.403Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 3:45:45.403Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
19/10/2019 - 3:45:45.403Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
19/10/2019 - 3:45:45.403Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
19/10/2019 - 3:45:45.403Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 3:45:45.684Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
19/10/2019 - 3:45:45.700Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.700Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.700Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.700Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:45.700Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:45.700Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:45.700Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 3:45:45.700Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 3:45:45.700Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 3:45:45.700Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 3:45:45.700Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 3:45:45.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.715Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:45.715Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.715Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.715Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.715Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.715Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.715Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:45.715Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:45.715Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.715Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.715Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.715Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:45.715Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.715Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.778Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.778Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.778Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.778Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.778Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.778Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.778Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.778Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.778Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.778Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.778Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.825Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.825Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.825Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.825Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.825Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.825Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.825Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:45.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:45.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:45.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:45.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:45.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:45.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:45.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 3:45:45.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 3:45:45.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 3:45:45.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 3:45:45.965Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.965Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:45.965Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.965Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:45.965Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.965Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:45.965Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:45.965Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:45.965Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:45.965Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:45.965Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:45.965Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:45.965Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 3:45:45.965Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 3:45:45.965Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 3:45:45.965Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 3:45:46.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:46.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:46.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:46.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:46.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:46.90Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:46.90Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:46.90Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:46.90Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:46.90Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:46.90Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 3:45:46.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 3:45:46.90Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 3:45:46.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:46.90Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\LINKINFO.dll
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
19/10/2019 - 3:45:46.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:46.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:46.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:46.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:46.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:46.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:46.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 3:45:46.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 3:45:46.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 3:45:46.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 3:45:46.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 3:45:46.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:46.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\LINKINFO.dll
19/10/2019 - 3:45:46.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
19/10/2019 - 3:45:46.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
19/10/2019 - 3:45:46.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:46.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:46.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntshrui.dll
19/10/2019 - 3:45:46.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 3:45:46.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 3:45:46.247Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:46.247Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:46.247Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntshrui.dll
19/10/2019 - 3:45:46.247Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 3:45:46.293Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 3:45:46.575Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\srvcli.dll
19/10/2019 - 3:45:46.575Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 3:45:46.575Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 3:45:46.622Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\srvcli.dll
19/10/2019 - 3:45:46.622Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 3:45:46.622Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 3:45:46.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\cscapi.dll
19/10/2019 - 3:45:46.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 3:45:46.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 3:45:46.668Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\cscapi.dll
19/10/2019 - 3:45:46.668Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 3:45:46.715Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 3:45:46.856Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\slc.dll
19/10/2019 - 3:45:46.856Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 3:45:46.856Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 3:45:46.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\slc.dll
19/10/2019 - 3:45:46.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 3:45:46.950Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exepowershell_ise.exe
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\hh.exe
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exepowershell_ise.exe
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.106Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\hh.exe
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\CRYPTSP.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3TLCL45CFKHIWJ2PG2FW.temp
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3TLCL45CFKHIWJ2PG2FW.temp
19/10/2019 - 3:45:47.153Write1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3TLCL45CFKHIWJ2PG2FW.temp3TLCL45CFKHIWJ2PG2FW.temp
19/10/2019 - 3:45:47.153Write1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3TLCL45CFKHIWJ2PG2FW.temp3TLCL45CFKHIWJ2PG2FW.temp
19/10/2019 - 3:45:47.153Write1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3TLCL45CFKHIWJ2PG2FW.temp3TLCL45CFKHIWJ2PG2FW.temp
19/10/2019 - 3:45:47.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3TLCL45CFKHIWJ2PG2FW.temp3TLCL45CFKHIWJ2PG2FW.temp
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3TLCL45CFKHIWJ2PG2FW.temp
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:47.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3TLCL45CFKHIWJ2PG2FW.temp3TLCL45CFKHIWJ2PG2FW.temp
19/10/2019 - 3:45:47.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:47.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:47.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll.local
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 3:45:47.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 3:45:47.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 3:45:47.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 3:45:47.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.168Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.168Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\CRYPTSP.dll
19/10/2019 - 3:45:47.168Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:47.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 3:45:47.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 3:45:47.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 3:45:47.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9R2ZEBK4NTP87GC2INI0.temp
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9R2ZEBK4NTP87GC2INI0.temp
19/10/2019 - 3:45:47.200Write2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9R2ZEBK4NTP87GC2INI0.temp9R2ZEBK4NTP87GC2INI0.temp
19/10/2019 - 3:45:47.200Write2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9R2ZEBK4NTP87GC2INI0.temp9R2ZEBK4NTP87GC2INI0.temp
19/10/2019 - 3:45:47.200Write2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9R2ZEBK4NTP87GC2INI0.temp9R2ZEBK4NTP87GC2INI0.temp
19/10/2019 - 3:45:47.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9R2ZEBK4NTP87GC2INI0.temp9R2ZEBK4NTP87GC2INI0.temp
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:47.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-msd93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9R2ZEBK4NTP87GC2INI0.temp
19/10/2019 - 3:45:47.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9R2ZEBK4NTP87GC2INI0.temp9R2ZEBK4NTP87GC2INI0.temp
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntmarta.dll
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntmarta.dll
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntmarta.dll
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:47.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:47.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF11120e.TMP
19/10/2019 - 3:45:47.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF11120e.TMPd93f411851d7c929.customDestinations-ms~RF11120e.TMP
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:47.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-msd93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:47.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:47.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9R2ZEBK4NTP87GC2INI0.temp9R2ZEBK4NTP87GC2INI0.temp
19/10/2019 - 3:45:47.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF11120e.TMP
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 3:45:47.200Delete2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF11120e.TMP
19/10/2019 - 3:45:47.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll.local
19/10/2019 - 3:45:47.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 3:45:47.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 3:45:47.215Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
19/10/2019 - 3:45:47.215Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
19/10/2019 - 3:45:47.215Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
19/10/2019 - 3:45:47.215Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 3:45:47.215Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 3:45:47.215Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.278Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.278Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.278Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.278Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 3:45:47.278Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.278Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.278Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.278Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.278Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.278Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
19/10/2019 - 3:45:47.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:47.293Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:47.293Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
19/10/2019 - 3:45:47.293Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
19/10/2019 - 3:45:47.293Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.293Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.293Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.293Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.293Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.387Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:47.387Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:47.387Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
19/10/2019 - 3:45:47.387Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:47.387Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:47.465Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:47.465Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:47.465Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
19/10/2019 - 3:45:47.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.497Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.497Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.497Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.497Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.497Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.512Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\pt-br.nlp
19/10/2019 - 3:45:47.512Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
19/10/2019 - 3:45:47.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\pubpol4.dat
19/10/2019 - 3:45:47.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
19/10/2019 - 3:45:47.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 3:45:47.528Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 3:45:47.528Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
19/10/2019 - 3:45:47.528Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\pt-br.nlp
19/10/2019 - 3:45:47.528Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
19/10/2019 - 3:45:47.528Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\pubpol4.dat
19/10/2019 - 3:45:47.528Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
19/10/2019 - 3:45:47.528Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 3:45:47.528Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 3:45:47.528Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.528Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.590Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.590Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.590Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.590Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.590Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.590Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.637Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.637Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.637Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.637Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.637Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.684Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.731Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.731Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.731Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.778Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.778Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:47.778Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.778Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:47.778Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.778Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.684Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.778Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.778Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.778Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.778Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.778Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:47.778Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.778Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.825Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.825Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.825Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.825Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.825Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.825Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.825Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 3:45:47.825Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 3:45:47.825Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 3:45:47.840Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:47.840Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.840Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.840Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.840Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.840Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.840Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.840Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.856Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.856Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:47.856Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:47.856Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:47.856Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.856Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\BVTBin\Tests\installpackage\csilogfile.log
19/10/2019 - 3:45:47.903Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 3:45:47.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 3:45:47.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 3:45:47.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:47.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.903Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.903Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:47.950Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:47.950Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:47.950Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\BVTBin\Tests\installpackage\csilogfile.log
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 3:45:47.950Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.950Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:47.965Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.997Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:47.997Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.28Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.28Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.28Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.28Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.28Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.28Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.28Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.28Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 3:45:48.75Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.75Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 3:45:48.75Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.75Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.75Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.122Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.122Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.122Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.122Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.215Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.215Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.215Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.215Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.262Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\version.dll
19/10/2019 - 3:45:48.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 3:45:48.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 3:45:48.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.262Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.262Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\l_intl.nls
19/10/2019 - 3:45:48.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 3:45:48.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.309Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.309Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\version.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 3:45:48.309Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.309Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\l_intl.nls
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.309Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
19/10/2019 - 3:45:48.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.356Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
19/10/2019 - 3:45:48.356Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.356Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.356Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.356Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
19/10/2019 - 3:45:48.356Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.356Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.356Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.450Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.450Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.450Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.450Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.450Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.450Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.450Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.450Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.450Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.450Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.450Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
19/10/2019 - 3:45:48.450Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
19/10/2019 - 3:45:48.637Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
19/10/2019 - 3:45:48.637Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
19/10/2019 - 3:45:48.778Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.778Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.778Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.778Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.778Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.825Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
19/10/2019 - 3:45:48.825Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.825Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.825Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.840Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.840Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.840Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.887Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
19/10/2019 - 3:45:48.887Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.887Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
19/10/2019 - 3:45:48.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.887Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.887Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.887Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.997Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.43Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.137Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.231Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.278Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.325Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.372Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:49.372Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.372Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:49.387Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:49.387Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.434Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:49.434Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.434Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:49.434Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.434Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:49.434Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.434Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.434Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.434Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.434Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.434Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.434Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.434Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.434Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.450Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.450Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.465Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.465Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.465Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.465Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.465Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.465Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.465Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 3:45:49.465Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 3:45:49.465Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 3:45:49.465Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
19/10/2019 - 3:45:49.465Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.465Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
19/10/2019 - 3:45:49.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.528Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.528Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.528Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.528Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.528Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.528Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.528Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.528Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.543Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.543Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.543Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.543Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.543Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.543Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.559Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.559Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:49.559Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:49.559Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.575Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.575Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.575Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.575Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.575Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.575Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.575Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.575Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.575Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 3:45:49.575Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.575Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.575Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 3:45:49.575Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 3:45:49.575Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
19/10/2019 - 3:45:49.575Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:49.575Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
19/10/2019 - 3:45:49.575Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.590Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.590Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.590Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:49.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.590Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.590Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.590Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:49.590Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:49.606Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.606Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.653Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.653Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.653Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.653Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.653Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.653Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.653Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.653Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.700Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.747Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.747Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.747Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.793Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.793Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.793Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.793Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.793Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.793Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.793Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.793Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.793Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.793Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.809Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:49.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:49.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.856Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.856Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.856Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.856Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.856Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.856Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.872Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.872Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.872Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.872Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.872Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.872Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.872Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.872Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.950Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.997Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:50.43Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:50.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:50.137Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:50.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:50.231Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:50.325Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
19/10/2019 - 3:45:50.278Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
19/10/2019 - 3:45:50.418Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.418Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
19/10/2019 - 3:45:50.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.465Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.465Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
19/10/2019 - 3:45:50.465Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.512Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.559Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.559Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.559Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.606Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:50.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:50.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:50.700Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:50.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.700Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.700Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.747Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:50.747Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:50.747Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:50.747Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:50.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.747Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.747Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.793Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.793Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.793Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.793Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.793Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.793Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.793Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.793Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:50.793Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:50.793Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:50.793Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:50.793Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.793Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.840Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:50.840Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.840Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.840Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.840Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.840Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.856Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.856Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.856Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.856Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.856Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.856Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.856Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
19/10/2019 - 3:45:50.918Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.918Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.918Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.918Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.918Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.918Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.918Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.918Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.918Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.918Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.918Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.918Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.918Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.918Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.934Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.934Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.934Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.934Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.934Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.934Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.934Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.934Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.934Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.934Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.934Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.934Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.934Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.934Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
19/10/2019 - 3:45:50.981Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:50.981Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
19/10/2019 - 3:45:50.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:50.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.28Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.28Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
19/10/2019 - 3:45:51.28Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.75Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:51.168Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:51.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:51.215Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.215Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.215Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.215Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.215Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:51.215Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.215Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:51.215Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.215Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.215Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.215Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.309Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.309Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.356Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.450Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:51.543Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:51.543Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.450Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:51.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.590Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:51.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:51.590Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:51.590Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:51.590Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:51.590Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:51.590Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.590Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.606Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:51.606Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:51.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:51.606Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:51.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.606Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.606Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:51.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:51.606Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:51.606Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:51.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.606Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.606Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.606Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.606Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:51.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en.nlp
19/10/2019 - 3:45:51.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
19/10/2019 - 3:45:51.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:51.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:51.622Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:51.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:51.622Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:51.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.622Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:51.622Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:51.622Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:51.622Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:51.637Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en.nlp
19/10/2019 - 3:45:51.637Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
19/10/2019 - 3:45:51.637Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:51.637Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:51.637Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:51.637Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.637Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.637Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.637Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:51.637Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:51.637Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.637Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.637Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.637Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.637Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.637Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:51.653Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:51.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:51.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:51.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:51.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:51.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:51.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:51.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:51.887Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:51.887Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:51.887Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:51.934Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:51.934Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:51.934Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:51.934Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:51.934Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:51.934Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:51.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:51.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:51.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:51.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:51.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:51.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:52.12Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:52.59Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:52.59Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:52.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:52.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:52.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:52.153Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:52.200Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:52.247Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.293Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.340Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.387Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.434Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.481Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.528Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.575Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.622Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.668Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.715Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.762Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.809Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.856Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.903Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:52.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:52.997Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:53.43Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:53.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:53.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:53.184Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:53.231Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:53.278Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:53.325Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:53.372Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:53.418Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:53.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:53.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:53.559Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:53.606Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:53.653Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:53.700Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:53.747Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:53.840Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:53.887Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:53.934Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:53.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.28Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:54.75Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:54.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:54.168Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:54.215Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:54.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:54.356Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.309Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.497Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.497Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.497Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.497Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.543Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.543Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.543Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.637Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.684Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.731Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.778Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.778Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.872Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.918Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:54.965Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:54.965Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.965Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:54.965Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:55.12Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:55.59Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:55.59Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:55.59Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:55.59Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:55.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:55.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:55.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:55.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:55.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:55.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:55.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:55.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:55.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:55.122Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:55.122Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:55.168Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:55.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:55.168Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:55.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.168Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.184Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.184Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:55.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:55.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:55.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:55.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:55.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:55.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:55.184Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:55.231Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\shfolder.dll
19/10/2019 - 3:45:55.231Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 3:45:55.231Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 3:45:55.231Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\shfolder.dll
19/10/2019 - 3:45:55.231Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 3:45:55.325Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 3:45:55.372Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
19/10/2019 - 3:45:55.372Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
19/10/2019 - 3:45:55.372Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:55.372Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:55.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:55.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:55.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:55.387Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:55.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 3:45:55.434Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:55.434Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 3:45:55.434Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:55.434Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:55.434Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:55.434Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
19/10/2019 - 3:45:55.434Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
19/10/2019 - 3:45:55.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.497Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:55.497Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:55.497Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 3:45:55.497Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:55.497Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 3:45:55.497Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:55.559Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.606Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.653Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.840Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:55.981Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.28Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.75Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.122Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.168Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 3:45:56.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.215Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.215Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 3:45:56.215Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.215Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 3:45:56.262Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:56.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.262Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.262Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 3:45:56.262Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:56.309Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:56.356Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:56.356Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:56.356Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:56.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:56.450Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:56.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:56.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:56.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:56.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:56.543Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.543Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:56.543Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.559Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.606Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.684Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.731Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.903Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.950Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:57.106Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 3:45:57.106Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.106Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 3:45:57.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:57.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:57.262Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.262Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 3:45:57.262Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:57.325Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:57.372Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:57.418Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:57.465Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:57.512Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:57.559Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:57.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:57.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:57.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:58.28Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:58.75Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:58.122Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:58.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:58.215Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:58.278Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:58.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:58.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:58.465Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:58.512Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:58.559Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:58.606Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:58.653Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:58.700Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:58.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:58.793Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:58.840Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:58.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:58.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:58.981Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:59.28Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:59.106Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:59.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:59.200Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:59.247Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:59.293Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:59.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:59.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:59.434Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:59.481Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:59.528Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:59.575Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:59.622Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:59.668Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:59.715Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:59.762Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:59.809Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:59.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:59.903Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:59.950Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:59.997Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:46:0.43Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:0.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:0.90Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:0.90Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 3:46:0.137Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:0.137Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:0.137Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 3:46:0.137Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.137Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 3:46:0.137Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.137Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 3:46:0.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 3:46:0.184Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.184Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 3:46:0.278Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 3:46:0.278Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:0.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 3:46:0.278Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:0.278Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 3:46:0.278Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.278Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 3:46:0.278Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:0.278Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 3:46:0.278Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:0.278Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 3:46:0.325Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:0.325Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 3:46:0.325Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:0.325Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:0.325Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 3:46:0.325Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:0.325Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 3:46:0.325Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:0.325Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:46:0.325Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 3:46:0.325Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 3:46:0.325Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 3:46:0.325Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 3:46:0.325Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:46:0.325Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 3:46:0.325Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:0.325Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 3:46:0.340Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:0.340Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 3:46:0.340Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:0.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:0.340Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 3:46:0.340Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 3:46:0.340Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 3:46:0.340Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 3:46:0.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.340Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:46:0.356Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 3:46:0.356Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.356Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.356Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.356Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.356Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.356Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.356Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.356Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.356Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.356Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.356Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 3:46:0.356Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:46:0.403Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:46:0.450Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:46:0.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:46:0.543Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:46:0.590Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:46:0.637Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:46:0.684Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:46:0.747Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 3:46:0.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.747Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.747Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 3:46:0.747Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.825Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 3:46:0.825Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.825Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.825Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.825Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.825Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.825Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.825Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.825Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.825Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.825Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 3:46:0.825Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:46:0.840Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:46:0.887Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 3:46:0.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.934Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 3:46:0.934Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.950Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:46:0.950Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 3:46:0.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.950Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.950Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.950Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 3:46:0.950Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:46:0.950Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:46:0.965Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:46:0.965Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 3:46:0.965Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:0.965Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:0.997Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 3:46:0.997Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.43Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 3:46:1.90Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.90Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.90Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 3:46:1.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.106Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:46:1.90Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.122Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.106Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.122Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.122Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.137Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.137Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.137Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.137Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 3:46:1.137Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:46:1.153Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:46:1.153Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:46:1.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 3:46:1.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.153Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.168Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 3:46:1.168Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:46:1.168Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.168Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 3:46:1.168Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:46:1.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.247Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Management.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:1.247Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:1.247Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:1.247Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.247Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.247Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.247Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.247Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.247Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.247Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.247Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.247Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.247Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.247Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.247Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.247Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:46:1.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.262Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.262Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:46:1.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.262Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 3:46:1.262Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:46:1.340Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.340Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Management.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:1.340Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:1.340Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:1.340Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.387Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.387Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.387Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.434Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.434Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:1.434Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:1.434Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.434Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.434Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.434Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.434Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.434Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.434Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.497Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:1.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.497Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:1.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.497Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.497Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.497Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.497Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.497Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.497Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:1.497Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\secur32.dll
19/10/2019 - 3:46:1.497Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\secur32.dll
19/10/2019 - 3:46:1.497Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 3:46:1.497Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 3:46:1.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:46:1.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.512Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.512Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:1.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\secur32.dll
19/10/2019 - 3:46:1.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\secur32.dll
19/10/2019 - 3:46:1.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 3:46:1.528Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 3:46:1.856Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:46:1.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:46:1.856Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:46:1.856Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:1.856Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:46:1.856Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:46:1.856Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:1.856Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:1.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.856Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.856Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.856Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.872Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.872Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.918Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.918Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.918Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.918Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.918Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.918Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.918Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.918Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.918Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.918Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:1.934Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:46:1.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:46:2.28Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:46:2.28Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.Security.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:2.28Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.Security.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:2.28Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:2.28Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:2.28Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.28Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.28Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.28Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:2.43Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:2.43Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:2.43Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:2.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:2.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:2.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.43Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:2.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.106Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.106Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:2.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:2.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:2.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:2.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.184Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:2.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:2.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:2.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:2.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:2.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:2.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.200Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.200Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.293Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.293Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.309Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.309Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:2.356Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:2.403Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:2.403Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:2.450Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:2.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:46:2.637Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:46:2.684Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:2.731Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:2.856Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:2.997Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
19/10/2019 - 3:46:2.997Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
19/10/2019 - 3:46:3.184Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.184Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
19/10/2019 - 3:46:3.184Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.184Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.231Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.231Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
19/10/2019 - 3:46:3.231Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.278Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.325Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.372Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.418Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.465Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.512Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.559Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.606Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.653Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.700Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.747Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.840Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.934Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.934Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.981Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.28Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:46:4.28Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:46:4.28Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.75Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.75Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.75Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:46:4.75Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:46:4.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.168Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.215Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:4.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.262Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.262Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:4.356Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.403Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.450Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.497Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:4.497Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:4.497Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.497Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:4.497Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.497Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:4.497Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.497Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.543Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:46:4.543Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:4.543Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:4.543Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:4.543Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.543Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.543Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:4.543Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:4.543Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.543Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:4.543Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.543Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:4.543Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.543Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:46:4.543Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:4.543Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:4.543Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:4.590Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.637Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.637Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.637Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.684Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.684Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.684Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:4.731Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.731Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.731Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.731Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.731Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.731Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.731Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:4.731Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:4.731Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:4.731Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:4.778Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:4.778Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.778Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.793Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.872Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.918Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:4.981Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1
19/10/2019 - 3:46:4.981Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1
19/10/2019 - 3:46:4.981Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\profile.ps1
19/10/2019 - 3:46:4.981Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
19/10/2019 - 3:46:5.43Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1
19/10/2019 - 3:46:5.43Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1
19/10/2019 - 3:46:5.43Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\profile.ps1
19/10/2019 - 3:46:5.43Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
19/10/2019 - 3:46:5.153Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:5.262Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:46:5.293Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:5.387Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:5.559Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en-us.nlp
19/10/2019 - 3:46:5.606Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en-us.nlp
19/10/2019 - 3:46:5.606Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:5.653Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:5.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:5.700Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:5.747Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:5.747Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:5.653Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:5.793Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:5.793Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:5.840Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:5.840Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:5.840Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:5.887Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:5.981Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:5.981Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:5.981Read1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:6.28Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:6.75Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:6.122Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:6.122Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:6.122Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:6.122Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:6.122Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:6.122Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:6.122Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:6.122Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:6.122Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:6.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:6.137Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:6.122Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:6.137Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:6.137Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:6.137Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.137Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.137Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Unknown2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.153Open2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:6.153Read2560C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:6.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:6.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:6.153Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:6.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:6.153Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Open1672C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.184Unknown1672C:\Windows\SysWOW64\WindowsPowerSh