Report #677 check_circle

  • Creation Date: Oct. 19, 2019, 2:20 a.m.
  • Last Update: Oct. 19, 2019, 4:28 a.m.
  • File: 025
  • Results:
Binary
DLL
False cancel
Size
2.38MB
trid
48.1% Win32 EXE PECompact compressed
32.0% Win64 Executable
7.6% Win32 Dynamic Link Library
5.2% Win32 Executable
2.3% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
7199a23ebd5ff86471bf2c4c7a7ae994
sha1
ce262f28193dd59bba1b0922806aae9e9d23d7a9
crc32
0x405a3ba5
sha224
d9984fbf36446cf99182c3a5bf24062f7cb9378d6335d03fc0cf1293
sha256
cec58cb00796326286a3844200bccc512f1d62b4742f0a2a5023f4e68003a0ce
sha384
2dd6004b0005c73d360b729993e224f723c2d6975f4c61cb549748dc4b4eea969fae986cd7c664c23b9c0e9296e844fc
sha512
3701f18694d1b3042018ee4368d03f33c9b32f06df6b9ea13ffee9940b769ec42f53fda861f6f8f24b47ff601adec3b985a6beb9863aeef614e52bb89acec9f4
ssdeep
49152:bZ3960nzkgxr/nIiYWMf9dQnPoY20k0XgBq/bPEUpPhOZy+hz7FFUj9SD+swIOTz:bh960z45jKNOj+7
Community
Google
True check_circle
HashLib
False cancel
YARA
Matches
IP, win_private_profile, Dropper_Strings, Intel_Virtualization_Wizard_exe, HasDebugData, BASE64_table, escalate_priv, HasRichSignature, VC8_Microsoft_Corporation, DebuggerException__SetConsoleCtrl, spreading_share, create_service, antisb_threatExpert, network_dns, cred_local, network_http, win_files_operation, IsPE32, win_hook, disable_dep, contentis_base64, network_tcp_socket, SEH__vectored, screenshot, win_token, win_mutex, keylogger, DebuggerCheck__GlobalFlags, Misc_Suspicious_Strings, maldoc_find_kernel32_base_method_1, migrate_apc, IsWindowsGUI, Big_Numbers5, DebuggerHiding__Thread, network_udp_sock, anti_dbg, network_tcp_listen, DebuggerCheck__QueryInfo, url, android_meterpreter, Microsoft_Visual_Cpp_8, win_registry, Typical_Malware_String_Transforms, HasOverlay, network_dga, Advapi_Hash_API, Check_Dlls, System_Tools, create_com_service, powershell, Big_Numbers0

Suspicious
True check_circle

Strings
List
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>
</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
qhttp://ns.adobe.com/xap/1.0/
qhttp://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/1.1/">
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>

Foremost
Matches
0.exe, 383 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: True check_circle
Suspicious: http://www.heaventools.com
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: mscoree.dll, ADVAPI32.dll, KERNEL32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 348160
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 424168
Suspicous: False cancel

Sections
Allowed: .text, .rdata, .data, .gfids, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 6
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 6
Linker
Version: 14.0
Suspicious: False cancel
Subsystem
Version: 6.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 5880
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: mscoree.dll, advapi32.dll, kernel32.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2018-10-25 12:25:40
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: True check_circle
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
ldr
.text: 3

pushret
.data: 129
.rsrc: 21
.rdata: 1

pushpopmath
.data: 78
.rsrc: 3
.text: 1
.rdata: 1
.reloc: 7

sizeofimage
.text: 1

ss register
.data: 3

garbagebytes
.data: 37
.rdata: 1

hookdetection
.data: 6
.rdata: 1

peb ntglobalflag
.text: 1

software breakpoint
.data: 3

fakeconditionaljumps
.data: 4

programcontrolflowchange
.data: 33
.rdata: 1

cpuinstructionsresultscomparison
.rsrc: 51

AVclass
trickster
1
VirusTotal
md5
7199a23ebd5ff86471bf2c4c7a7ae994
sha1
ce262f28193dd59bba1b0922806aae9e9d23d7a9
SCANS
AVG
result: Win32:Malware-gen
update: 20190906
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=84)
update: 20190906
version: 2018.9.12.1
detected: True check_circle

APEX
result: Malicious
update: 20190906
version: 5.60
detected: True check_circle

Bkav
update: 20190903
version: 1.3.0.10239
detected: False cancel

K7GW
result: Trojan ( 0052f20f1 )
update: 20190906
version: 11.65.31928
detected: True check_circle

ALYac
result: Trojan.GenericKD.31316733
update: 20190906
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Malware-gen
update: 20190906
version: 18.4.3895.0
detected: True check_circle

Avira
result: HEUR/AGEN.1038951
update: 20190906
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/Downloader.JOLS-4607
update: 20190906
version: 6.2.0.1
detected: True check_circle

DrWeb
result: Trojan.MulDrop8.57069
update: 20190906
version: 7.0.41.7240
detected: True check_circle

GData
result: Trojan.GenericKD.31316733
update: 20190906
version: A:25.23285B:26.15960
detected: True check_circle

Panda
result: Trj/CI.A
update: 20190905
version: 4.6.4.2
detected: True check_circle

VBA32
result: BScope.TrojanBanker.Trickster
update: 20190905
version: 4.0.0
detected: True check_circle

VIPRE
update: 20190905
version: 77652
detected: False cancel

Zoner
result: Trojan.Win32.73621
update: 20190906
version: 1.0.0.1
detected: True check_circle

ClamAV
result: Win.Packed.Trickbot-6735930-0
update: 20190905
version: 0.101.4.0
detected: True check_circle

Comodo
update: 20190906
version: 31432
detected: False cancel

F-Prot
result: W32/Downldr2.JABO
update: 20190906
version: 4.7.1.166
detected: True check_circle

Ikarus
update: 20190905
version: 0.1.5.2
detected: False cancel

McAfee
result: Artemis!7199A23EBD5F
update: 20190906
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.TrickBot!8.E313 (TFE:5:lnlNdgxRy9R)
update: 20190906
version: 25.0.0.24
detected: True check_circle

Sophos
update: 20190906
version: 4.98.0
detected: False cancel

Yandex
result: Trojan.PWS.Trickster!
update: 20190822
version: 5.5.2.24
detected: True check_circle

Zillya
result: Trojan.Trickster.Win32.1139
update: 20190905
version: 2.0.0.3894
detected: True check_circle

Acronis
result: suspicious
update: 20190904
version: 1.1.1.56
detected: True check_circle

Alibaba
result: Trojan:Win32/MereTam.c0ce6127
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Generic.D1DDDAFD
update: 20190906
version: 1.0.0.856
detected: True check_circle

Cylance
result: Unsafe
update: 20190906
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20190819
version: 3.0.14
detected: True check_circle

FireEye
result: Generic.mg.7199a23ebd5ff864
update: 20190906
version: 29.7.0.0
detected: True check_circle

TACHYON
update: 20190906
version: 2019-09-06.01
detected: False cancel

Tencent
result: Win32.Trojan.Generic.Agld
update: 20190906
version: 1.0.0.1
detected: True check_circle

ViRobot
result: Trojan.Win32.Agent.392704.E
update: 20190905
version: 2014.3.20.0
detected: True check_circle

Webroot
result: Pua.Adware.Gen
update: 20190906
version: 1.0.0.403
detected: True check_circle

eGambit
result: Trojan.Generic
update: 20190906
version: v5.0.5
detected: True check_circle

Ad-Aware
result: Trojan.GenericKD.31316733
update: 20190906
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.Win32.Trickybot.4!c
update: 20190906
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.GenericKD.31316733 (B)
update: 20190906
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Heuristic.HEUR/AGEN.1038951
update: 20190905
version: 12.0.86.52
detected: True check_circle

Fortinet
update: 20190906
version: 5.4.247.0
detected: False cancel

Invincea
update: 20190904
version: 6.3.6.26157
detected: False cancel

Jiangmin
result: Trojan.Banker.Trickster.do
update: 20190906
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20190906
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20190906
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Trickybot
update: 20190906
version: 1.10.0.0
detected: True check_circle

Trapmine
update: 20190826
version: 3.1.81.800
detected: False cancel

AhnLab-V3
result: Trojan/Win32.Trickbot.C2788945
update: 20190906
version: 3.16.1.25089
detected: True check_circle

Antiy-AVL
result: Trojan[Banker]/Win32.Trickster
update: 20190906
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: UDS:DangerousObject.Multi.Generic
update: 20190906
version: 15.0.1.13
detected: True check_circle

Microsoft
result: Trojan:Win32/MereTam.A!bit
update: 20190906
version: 1.1.16300.1
detected: True check_circle

Qihoo-360
result: HEUR/QVM10.1.B2C7.Malware.Gen
update: 20190906
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
update: 20190906
version: 1.0
detected: False cancel

Cybereason
result: malicious.ebd5ff
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: Win32/TrickBot.AQ
update: 20190906
version: 19974
detected: True check_circle

TrendMicro
update: 20190906
version: 11.0.0.1006
detected: False cancel

BitDefender
result: Trojan.GenericKD.31316733
update: 20190906
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_80% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 0052f20f1 )
update: 20190906
version: 11.65.31928
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20190807
version: 1.0.31.22
detected: True check_circle

Avast-Mobile
update: 20190905
version: 190905-02
detected: False cancel

Malwarebytes
result: Trojan.TrickBot
update: 20190906
version: 2.1.1.1115
detected: True check_circle

TotalDefense
update: 20190906
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Trojan.Mauvaise.SL1
update: 20190905
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.Trickster.fjqcdj
update: 20190906
version: 1.0.134.24859
detected: True check_circle

MicroWorld-eScan
result: Trojan.GenericKD.31316733
update: 20190906
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20190830
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.AdwareInstCap.vh
update: 20190906
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
update: 20190906
version: 10.0.0.1040
detected: False cancel

total
70
sha256
cec58cb00796326286a3844200bccc512f1d62b4742f0a2a5023f4e68003a0ce
scan_id
cec58cb00796326286a3844200bccc512f1d62b4742f0a2a5023f4e68003a0ce-1567748875
resource
7199a23ebd5ff86471bf2c4c7a7ae994
positives
52
scan_date
2019-09-06 05:47:55
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
19/10/2019 - 3:45:42.793Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe
19/10/2019 - 3:45:42.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe
19/10/2019 - 3:45:42.840Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:42.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG
19/10/2019 - 3:45:42.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG
19/10/2019 - 3:45:42.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe
19/10/2019 - 3:45:42.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe
19/10/2019 - 3:45:42.840Open1480C:\malware.exeC:\
19/10/2019 - 3:45:42.840Unknown1480C:\malware.exeC:\
19/10/2019 - 3:45:42.840Open1480C:\malware.exeC:\Users
19/10/2019 - 3:45:42.840Unknown1480C:\malware.exeC:\Users
19/10/2019 - 3:45:42.840Open1480C:\malware.exeC:\Users\Behemot
19/10/2019 - 3:45:42.840Unknown1480C:\malware.exeC:\Users\Behemot
19/10/2019 - 3:45:42.840Open1480C:\malware.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:42.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:42.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:42.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:42.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG
19/10/2019 - 3:45:42.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG
19/10/2019 - 3:45:42.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG
19/10/2019 - 3:45:42.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG
19/10/2019 - 3:45:42.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe
19/10/2019 - 3:45:42.840Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe
19/10/2019 - 3:45:42.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WSOG\ui\SwDRM.dll
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\Prefetch\MALWASE.EXE-7A55C22B.pf
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows
19/10/2019 - 3:45:42.887Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\WSOG
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:42.887Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-1.DLL
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\WSOG\CRYPTSP.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:42.903Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
19/10/2019 - 3:45:42.903Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
19/10/2019 - 3:45:42.903Read1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
19/10/2019 - 3:45:42.918Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
19/10/2019 - 3:45:42.918Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:42.918Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
19/10/2019 - 3:45:42.918Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
19/10/2019 - 3:45:42.918Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
19/10/2019 - 3:45:42.918Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
19/10/2019 - 3:45:42.918Write1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
19/10/2019 - 3:45:42.918Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
19/10/2019 - 3:45:42.981Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:42.981Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:42.981Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:42.981Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:42.981Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:42.981Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:42.997Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:42.997Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:42.997Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:42.997Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:42.997Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:42.997Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:42.997Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:42.997Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:42.997Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:42.997Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\
19/10/2019 - 3:45:42.997Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\
19/10/2019 - 3:45:42.997Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows
19/10/2019 - 3:45:43.12Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.12Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.12Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.12Read1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.12Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.12Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.12Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\
19/10/2019 - 3:45:43.12Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows
19/10/2019 - 3:45:43.12Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.12Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.12Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.12Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.12Read1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.75Read652C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.75Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.75Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.90Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.90Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.106Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:43.106Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.106Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.106Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.106Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.106Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.106Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.106Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.106Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.106Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\
19/10/2019 - 3:45:43.106Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\
19/10/2019 - 3:45:43.106Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows
19/10/2019 - 3:45:43.106Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows
19/10/2019 - 3:45:43.106Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.106Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.106Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.122Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.122Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.122Read1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.122Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:43.122Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:43.122Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:43.122Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32
19/10/2019 - 3:45:43.122Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32
19/10/2019 - 3:45:43.122Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32\svchost.exe
19/10/2019 - 3:45:43.122Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32\svchost.exe
19/10/2019 - 3:45:43.122Open1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32\svchost.exe
19/10/2019 - 3:45:43.122Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows\System32\svchost.exe
19/10/2019 - 3:45:43.293Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.293Read2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.293Open2548C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:43.293Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.293Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.293Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.293Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.293Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.293Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.293Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.293Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.293Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.293Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.309Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.309Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.309Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.309Read532C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 3:45:43.309Open532C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:43.309Open532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.309Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 3:45:43.309Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:45:43.309Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:45:43.309Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:45:43.309Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.309Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:45:43.309Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.309Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.309Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.309Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.325Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.325Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.325Open1764C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SVCHOST.EXE-3AFE2219.pf
19/10/2019 - 3:45:43.325Open1764C:\Windows\System32\svchost.exeC:\Windows\System32
19/10/2019 - 3:45:43.325Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\sechost.dll
19/10/2019 - 3:45:43.325Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\sechost.dll
19/10/2019 - 3:45:43.403Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 3:45:43.403Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 3:45:43.403Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 3:45:43.403Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 3:45:43.403Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 3:45:43.403Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 3:45:43.418Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\winhttp.dll
19/10/2019 - 3:45:43.418Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\winhttp.dll
19/10/2019 - 3:45:43.418Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\webio.dll
19/10/2019 - 3:45:43.418Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\webio.dll
19/10/2019 - 3:45:43.418Open1764C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\WSOG\IPHLPAPI.dll
19/10/2019 - 3:45:43.418Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\IPHLPAPI.DLL
19/10/2019 - 3:45:43.418Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\IPHLPAPI.DLL
19/10/2019 - 3:45:43.418Open1764C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\WSOG\WINNSI.DLL
19/10/2019 - 3:45:43.418Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\winnsi.dll
19/10/2019 - 3:45:43.418Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\winnsi.dll
19/10/2019 - 3:45:43.543Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 3:45:43.543Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 3:45:43.543Unknown1820C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.543Unknown1820C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.653Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.668Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.668Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.668Read652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.668Open652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:43.747Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.747Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.747Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.747Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.747Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.747Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.747Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.747Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.747Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.747Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.747Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.747Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.762Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:43.762Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.762Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:45:43.762Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.762Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.762Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.762Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.778Read2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.778Open2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\Prefetch\SC.EXE-1CF1DE92.pf
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:43.793Unknown2496C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 3:45:43.793Open2496C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.mui
19/10/2019 - 3:45:43.856Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.856Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:43.856Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:43.856Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:43.856Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:43.856Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:43.856Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:43.856Open532C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:43.856Unknown532C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:45:43.856Open532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.856Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.856Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:43.856Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:43.856Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:43.856Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:43.856Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:43.856Read532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:43.872Open532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ui\SwDRM.dll
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\Prefetch\SC.EXE-1CF1DE92.pf
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:43.872Unknown2140C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 3:45:43.872Open2140C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.mui
19/10/2019 - 3:45:43.872Unknown2496C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:43.872Unknown2496C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.887Unknown2496C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
19/10/2019 - 3:45:43.887Unknown2496C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Prefetch\POWERSHELL.EXE-767FB1AE.pf
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:43.934Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATL.DLL
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\mscoree.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:45:43.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui
19/10/2019 - 3:45:43.950Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 3:45:43.950Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 3:45:43.950Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 3:45:43.950Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 3:45:43.950Unknown2140C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 3:45:43.950Unknown2140C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.950Unknown2140C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
19/10/2019 - 3:45:43.950Unknown2140C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 3:45:43.950Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.950Unknown652C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:43.981Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:45:43.981Unknown2548C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.231Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Windows
19/10/2019 - 3:45:44.231Unknown1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exeC:\Users\Behemot\AppData\Roaming\WSOG
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.Manifest
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 3:45:44.231Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 3:45:44.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.231Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:44.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 3:45:44.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:44.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\desktop.ini
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:44.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:44.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:44.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:44.262Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 3:45:44.262Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
19/10/2019 - 3:45:44.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
19/10/2019 - 3:45:44.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 3:45:44.340Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 3:45:44.340Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\apphelp.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:44.340Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 3:45:44.340Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.340Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 3:45:44.356Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.356Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.372Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.372Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.372Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.372Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 3:45:44.372Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.372Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.372Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.372Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 3:45:44.372Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.372Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:44.372Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:44.372Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 3:45:44.372Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.372Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:44.372Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.372Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 3:45:44.372Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 3:45:44.372Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 3:45:44.372Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 3:45:44.372Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 3:45:44.450Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:44.450Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:44.450Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:44.450Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 3:45:44.450Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 3:45:44.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
19/10/2019 - 3:45:44.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
19/10/2019 - 3:45:44.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:44.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:44.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:44.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:44.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:44.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:44.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:44.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:44.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 3:45:44.512Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 3:45:44.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 3:45:44.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 3:45:44.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 3:45:44.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 3:45:44.512Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 3:45:44.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 3:45:44.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.528Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\LINKINFO.dll
19/10/2019 - 3:45:44.528Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
19/10/2019 - 3:45:44.528Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
19/10/2019 - 3:45:44.528Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.528Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.528Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntshrui.dll
19/10/2019 - 3:45:44.528Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 3:45:44.528Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 3:45:44.528Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\srvcli.dll
19/10/2019 - 3:45:44.528Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 3:45:44.528Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 3:45:44.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\cscapi.dll
19/10/2019 - 3:45:44.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 3:45:44.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 3:45:44.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\slc.dll
19/10/2019 - 3:45:44.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exepowershell_ise.exe
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\hh.exe
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.622Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\CRYPTSP.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JOW0I433AK8FVIPAY5OR.temp
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JOW0I433AK8FVIPAY5OR.temp
19/10/2019 - 3:45:44.637Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JOW0I433AK8FVIPAY5OR.tempJOW0I433AK8FVIPAY5OR.temp
19/10/2019 - 3:45:44.637Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JOW0I433AK8FVIPAY5OR.tempJOW0I433AK8FVIPAY5OR.temp
19/10/2019 - 3:45:44.637Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JOW0I433AK8FVIPAY5OR.tempJOW0I433AK8FVIPAY5OR.temp
19/10/2019 - 3:45:44.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JOW0I433AK8FVIPAY5OR.tempJOW0I433AK8FVIPAY5OR.temp
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:44.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-msd93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JOW0I433AK8FVIPAY5OR.temp
19/10/2019 - 3:45:44.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JOW0I433AK8FVIPAY5OR.tempJOW0I433AK8FVIPAY5OR.temp
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntmarta.dll
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntmarta.dll
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntmarta.dll
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:44.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:44.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF11080b.TMP
19/10/2019 - 3:45:44.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF11080b.TMPd93f411851d7c929.customDestinations-ms~RF11080b.TMP
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:44.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-msd93f411851d7c929.customDestinations-ms
19/10/2019 - 3:45:44.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:44.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JOW0I433AK8FVIPAY5OR.tempJOW0I433AK8FVIPAY5OR.temp
19/10/2019 - 3:45:44.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF11080b.TMP
19/10/2019 - 3:45:44.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 3:45:44.637Delete2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF11080b.TMP
19/10/2019 - 3:45:44.747Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:45:44.793Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll.local
19/10/2019 - 3:45:44.793Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 3:45:44.793Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 3:45:44.793Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
19/10/2019 - 3:45:44.793Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
19/10/2019 - 3:45:44.793Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
19/10/2019 - 3:45:44.793Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 3:45:44.793Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 3:45:44.793Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 3:45:44.793Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:46.28Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:46.28Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:46.28Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:46.28Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 3:45:46.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:46.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:46.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:46.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:46.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:46.28Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:46.28Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:45:46.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:46.43Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:46.43Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 3:45:46.43Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
19/10/2019 - 3:45:46.43Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
19/10/2019 - 3:45:46.43Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
19/10/2019 - 3:45:46.43Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
19/10/2019 - 3:45:46.43Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.43Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
19/10/2019 - 3:45:46.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.200Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.340Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.387Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.434Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.481Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.528Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.668Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.715Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.762Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.856Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.903Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:46.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:47.137Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.137Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
19/10/2019 - 3:45:47.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.153Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.168Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
19/10/2019 - 3:45:47.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.325Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.418Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.465Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\pt-br.nlp
19/10/2019 - 3:45:47.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
19/10/2019 - 3:45:47.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\pubpol4.dat
19/10/2019 - 3:45:47.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
19/10/2019 - 3:45:47.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 3:45:47.606Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 3:45:47.606Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.606Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.606Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.606Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.606Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 3:45:47.700Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.934Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.934Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.934Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.934Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:47.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:47.934Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:47.950Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.950Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.950Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.950Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.950Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.950Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.965Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:47.965Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 3:45:47.965Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 3:45:47.965Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 3:45:47.981Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:47.981Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.981Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.981Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:47.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:47.997Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:48.12Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.12Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.12Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.12Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.12Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\BVTBin\Tests\installpackage\csilogfile.log
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 3:45:48.43Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.59Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.90Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.90Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\version.dll
19/10/2019 - 3:45:48.90Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 3:45:48.90Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 3:45:48.90Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.90Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.90Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.90Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.90Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\l_intl.nls
19/10/2019 - 3:45:48.90Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 3:45:48.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.122Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.122Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.122Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.122Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.122Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.122Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.122Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.122Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.122Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.215Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.278Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.325Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.372Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.418Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.418Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
19/10/2019 - 3:45:48.559Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.559Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
19/10/2019 - 3:45:48.559Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.559Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.575Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.575Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.575Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.575Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.575Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.575Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:45:48.575Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.590Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.590Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.590Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.590Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.590Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.668Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.715Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:48.825Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:48.825Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:48.825Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:48.825Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:48.872Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:48.872Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:48.872Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:48.872Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.872Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.872Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 3:45:48.872Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
19/10/2019 - 3:45:48.872Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:48.872Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
19/10/2019 - 3:45:48.872Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:48.872Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:48.872Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:48.872Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:48.872Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 3:45:48.887Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:48.887Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:48.887Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:48.887Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:48.887Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:48.887Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:48.887Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
19/10/2019 - 3:45:48.887Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:48.887Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:48.887Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:48.887Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:48.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:48.903Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:48.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 3:45:49.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.106Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.200Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.200Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.200Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.200Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 3:45:49.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:45:49.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:49.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 3:45:49.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.262Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.262Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:49.262Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:49.262Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.262Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.262Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.262Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.262Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.262Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.262Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.325Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.372Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.418Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.465Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:49.512Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.606Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:49.653Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.700Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.793Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.840Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:49.981Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
19/10/2019 - 3:45:50.75Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.75Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
19/10/2019 - 3:45:50.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.122Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.168Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:45:50.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:50.262Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:45:50.262Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.278Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.278Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.278Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:45:50.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:50.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:50.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:45:50.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 3:45:50.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:45:50.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:45:50.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.356Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.356Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.356Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.356Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.356Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.356Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.356Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.356Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.528Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
19/10/2019 - 3:45:50.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
19/10/2019 - 3:45:50.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:50.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
19/10/2019 - 3:45:50.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
19/10/2019 - 3:45:50.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:50.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:50.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:50.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:50.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 3:45:50.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:50.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:45:50.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en.nlp
19/10/2019 - 3:45:50.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
19/10/2019 - 3:45:50.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:50.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:50.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:50.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:50.887Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:50.887Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:50.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:50.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:50.934Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:50.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:50.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:50.934Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:50.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:50.934Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:50.934Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:45:50.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:50.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:50.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:50.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 3:45:50.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:50.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.934Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:50.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:50.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:50.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:50.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:50.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:50.997Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:53.793Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
19/10/2019 - 3:45:53.934Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:53.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.75Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.75Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:54.75Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 3:45:54.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.75Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.122Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:45:54.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:54.231Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:54.278Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:54.278Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:54.278Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:54.278Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:54.278Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:54.325Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:54.372Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:54.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:54.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:54.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:54.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:54.528Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:54.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 3:45:54.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:54.543Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:45:54.543Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\shfolder.dll
19/10/2019 - 3:45:54.590Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 3:45:54.590Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 3:45:54.590Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
19/10/2019 - 3:45:54.590Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
19/10/2019 - 3:45:54.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:54.606Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:54.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 3:45:54.606Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:54.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 3:45:54.606Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:54.606Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:54.606Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:45:54.606Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:54.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:54.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:54.637Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 3:45:54.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 3:45:54.637Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:54.684Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.731Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.778Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.872Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.918Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:54.965Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.184Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 3:45:55.231Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:55.278Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:55.325Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:55.418Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:55.465Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.59Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 3:45:56.59Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.106Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 3:45:56.106Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 3:45:56.122Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.340Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.387Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.434Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.481Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.668Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:45:56.762Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.856Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.903Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:56.950Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:45:58.950Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:58.950Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:45:58.950Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 3:45:58.950Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:45:58.950Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 3:45:58.965Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:45:58.965Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 3:45:58.965Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:45:58.965Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 3:45:58.965Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:58.965Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 3:45:58.965Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:45:58.965Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 3:45:59.12Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.12Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.28Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.28Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 3:45:59.28Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:45:59.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 3:45:59.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 3:45:59.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 3:45:59.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 3:45:59.28Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 3:45:59.28Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:45:59.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:45:59.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:45:59.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:45:59.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:45:59.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:45:59.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:45:59.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:45:59.43Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:45:59.43Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:45:59.43Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 3:45:59.43Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 3:45:59.497Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 3:45:59.497Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:45:59.543Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:45:59.543Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:45:59.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:45:59.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:45:59.590Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:45:59.590Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:45:59.590Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:45:59.606Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:45:59.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 3:45:59.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 3:45:59.653Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 3:45:59.653Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:45:59.653Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:45:59.715Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:45:59.715Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:45:59.715Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:45:59.715Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:45:59.715Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:45:59.715Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:45:59.715Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:45:59.715Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:45:59.715Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 3:45:59.715Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 3:45:59.747Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 3:45:59.747Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:45:59.747Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:45:59.747Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:45:59.747Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 3:45:59.747Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 3:45:59.809Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.809Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 3:45:59.809Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 3:45:59.825Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.825Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.840Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.840Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.840Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.840Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.840Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.840Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 3:45:59.903Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.903Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.903Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.903Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.903Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.903Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.918Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.918Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.918Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.918Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.918Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 3:45:59.918Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 3:45:59.918Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:45:59.918Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:45:59.918Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:45:59.918Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:45:59.918Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:45:59.918Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:45:59.918Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:45:59.918Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:45:59.918Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 3:45:59.918Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 3:45:59.997Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Management.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:59.997Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:59.997Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:45:59.997Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:0.43Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:0.43Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:0.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:0.90Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:0.90Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:0.90Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:0.90Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:0.90Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:0.90Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:0.90Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:0.90Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:0.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.90Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.106Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\secur32.dll
19/10/2019 - 3:46:0.106Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\secur32.dll
19/10/2019 - 3:46:0.106Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 3:46:0.106Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 3:46:0.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:46:0.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:0.465Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:46:0.465Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:46:0.465Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 3:46:0.465Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:0.512Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:0.559Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:0.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.606Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.606Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.606Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.606Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.606Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.606Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.653Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 3:46:0.653Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:46:0.668Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 3:46:0.668Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.Security.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:0.668Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:0.684Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:0.684Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:0.684Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:0.684Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:0.684Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:0.684Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 3:46:0.684Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:0.684Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:0.684Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:0.684Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:0.684Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:0.684Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:0.747Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.747Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.747Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.747Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 3:46:0.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:0.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:0.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:0.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:0.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:0.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:0.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:0.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:0.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.840Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.840Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.934Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:0.934Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:1.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:1.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:1.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:1.12Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:1.137Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:46:1.200Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 3:46:1.247Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:1.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:1.356Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:1.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
19/10/2019 - 3:46:1.684Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:1.684Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:46:2.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:2.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:2.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:2.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 3:46:2.309Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.309Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.309Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.309Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:46:2.309Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:2.309Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:2.309Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:2.309Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.309Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.309Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.309Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 3:46:2.309Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.309Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.309Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:2.356Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 3:46:3.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1
19/10/2019 - 3:46:3.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1
19/10/2019 - 3:46:3.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\profile.ps1
19/10/2019 - 3:46:3.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
19/10/2019 - 3:46:3.715Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:46:3.793Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 3:46:3.887Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:4.59Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en-us.nlp
19/10/2019 - 3:46:4.106Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:4.153Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:4.153Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:4.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:4.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:4.247Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:4.247Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:4.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:4.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:4.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 3:46:4.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:4.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:4.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:4.293Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 3:46:4.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:4.293Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:4.293Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:4.309Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:4.372Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 3:46:4.418Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.418Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:4.434Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.434Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.497Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 3:46:4.512Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
19/10/2019 - 3:46:4.575Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 3:46:4.575Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
19/10/2019 - 3:46:4.575Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 3:46:4.622Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 3:46:4.668Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 3:46:4.762Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
19/10/2019 - 3:46:4.762Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 3:46:4.762Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 3:46:4.762Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:4.762Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:4.762Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:4.762Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 3:46:4.762Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:46:4.762Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:46:4.762Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:46:4.762Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:46:4.762Read2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:46:4.762Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb
19/10/2019 - 3:46:4.762Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\symbols\dll\System.Management.Automation.pdb
19/10/2019 - 3:46:4.762Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\dll\System.Management.Automation.pdb
19/10/2019 - 3:46:4.762Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System.Management.Automation.pdb
19/10/2019 - 3:46:4.762Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 3:46:6.622Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:46:6.622Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2608.1117562
19/10/2019 - 3:46:6.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2608.1117562
19/10/2019 - 3:46:6.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2608.1117578
19/10/2019 - 3:46:6.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\netutils.dll
19/10/2019 - 3:46:6.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\netutils.dll
19/10/2019 - 3:46:6.622Open2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\netutils.dll
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.muipowershell.exe.mui
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 3:46:6.637Unknown2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 3:46:6.637Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:46:6.637Unknown532C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\WSOG
19/10/2019 - 3:46:11.934Unknown1764C:\Windows\System32\svchost.exeC:\Windows\System32
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\WSOG\Ncrypt.dll
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\ncrypt.dll
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\ncrypt.dll
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\WSOG\bcrypt.dll
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\bcrypt.dll
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\bcrypt.dll
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\rpcss.dll
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\rpcss.dll
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\rpcss.dll
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\rpcss.dll
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\WSOG\CRYPTBASE.dll
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\cryptbase.dll
19/10/2019 - 3:46:11.934Unknown1764C:\Windows\System32\svchost.exeC:\Windows\System32\cryptbase.dllcryptbase.dll
19/10/2019 - 3:46:11.934Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\cryptbase.dll
19/10/2019 - 3:46:11.934Unknown1764C:\Windows\System32\svchost.exeC:\Windows\System32\cryptbase.dllcryptbase.dll
19/10/2019 - 3:46:12.28Open1764C:\Windows\System32\svchost.exeC:\
19/10/2019 - 3:46:12.28Unknown1764C:\Windows\System32\svchost.exeC:\
19/10/2019 - 3:46:12.28Open1764C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\WSOG\malwase.tmp
19/10/2019 - 3:46:12.28Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\taskschd.dll
19/10/2019 - 3:46:12.28Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\taskschd.dll
19/10/2019 - 3:46:12.28Open1764C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\WSOG\SspiCli.dll
19/10/2019 - 3:46:12.28Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\sspicli.dll
19/10/2019 - 3:46:12.28Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\sspicli.dll
19/10/2019 - 3:46:12.75Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\tzres.dll
19/10/2019 - 3:46:12.75Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\tzres.dll
19/10/2019 - 3:46:12.75Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\tzres.dll
19/10/2019 - 3:46:12.75Open1764C:\Windows\System32\svchost.exeC:\Windows\System32\tzres.dll
19/10/2019 - 3:46:13.668Open1764C:\Windows\System32\svchost.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:46:13.668Unknown1764C:\Windows\System32\svchost.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:46:14.543Unknown1764C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\WSOG

Process
Trace
19/10/2019 - 3:45:42.840Create1480C:\malware.exe1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe
19/10/2019 - 3:45:42.997Create1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe652C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.12Create1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe2548C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.106Create1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe532C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.122Create1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe1764C:\Windows\System32\svchost.exe
19/10/2019 - 3:45:43.543Terminate1480C:\malware.exe1820C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.606Terminate1480C:\malware.exe2752C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.653Create652C:\Windows\SysWOW64\cmd.exe2496C:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.778Create2548C:\Windows\SysWOW64\cmd.exe2140C:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.856Create532C:\Windows\SysWOW64\cmd.exe2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:45:43.872Terminate652C:\Windows\SysWOW64\cmd.exe2496C:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.950Terminate2548C:\Windows\SysWOW64\cmd.exe2140C:\Windows\SysWOW64\sc.exe
19/10/2019 - 3:45:43.950Terminate1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe652C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:43.981Terminate1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe2548C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:45:44.231Terminate1480C:\malware.exe1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe
19/10/2019 - 3:46:6.622Terminate1480C:\malware.exe2088C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:6.637Terminate532C:\Windows\SysWOW64\cmd.exe2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 3:46:6.637Terminate1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe532C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:14.543Terminate1928C:\Users\Behemot\AppData\Roaming\WSOG\malwase.exe1764C:\Windows\System32\svchost.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.247Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.262Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.340Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.340Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.340Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.340Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.340Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.340Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.340Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.340Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.340Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.340Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.340Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.340Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.356Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.356Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.372Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 3:45:44.372Write2608C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList

File Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Process Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query
computer localhost arrow_forward computer gateway:DNS code apps.identrust.com.
computer localhost arrow_forward computer gateway:50273 code checkip.amazonaws.com.
computer localhost arrow_forward computer gateway:DNS code checkip.amazonaws.com.

Response
computer gateway:DNS arrow_forward computer localhost code apps.identrust.com. reply_all 192.35.177.64

computer gateway:DNS arrow_forward computer localhost code checkip.amazonaws.com. reply_all 3.224.145.145


TCP
Info
computer localhost:65191 arrow_forward 52.55.255.113:80
computer localhost:65193 arrow_forward 192.35.177.64:80
computer localhost:65192 arrow_forward help_outline 185.251.38.187:443
computer localhost:65194 arrow_forward 181.113.17.230:449
help_outline 185.251.38.187:443 arrow_forward computer localhost:65192
192.35.177.64:80 arrow_forward computer localhost:65193
52.55.255.113:80 arrow_forward computer localhost:65191

UDP
Info
computer localhost:55394 arrow_forward computer localhost:53
computer localhost:50273 arrow_forward computer localhost:53
computer localhost:68 arrow_forward help_outline 255.255.255.255:67
computer localhost:53 arrow_forward computer localhost:55394
computer localhost:67 arrow_forward computer localhost:68
computer localhost:53 arrow_forward computer localhost:50273

HTTP
Info
computer localhost send GET apps.identrust.com attach_file /roots/dstrootcax3.p7c
computer localhost send GET checkip.amazonaws.com attach_file /

Summary
DNS
True check_circle

TCP
True check_circle

UDP
True check_circle

HTTP
True check_circle

Results
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel
Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle
SVC (Kernel=Linear, NFS-BRMalware)
confidence: 94.86%
suspicious: False cancel
Random Forest (100 estimators, NFS-BRMalware)
confidence: 51.00%
suspicious: True check_circle
Add to Collection
Download