Report #694 check_circle

  • Creation Date: Oct. 19, 2019, 2:21 a.m.
  • Last Update: Oct. 19, 2019, 6:08 a.m.
  • File: 042
  • Results:
Binary
DLL
False cancel
Size
2.31MB
trid
34.7% Win32 Executable Microsoft Visual Basic 6
18.2% InstallShield setup
17.6% Win32 EXE PECompact compressed
13.2% Win32 Executable MS Visual C++
11.7% Win64 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
0c12fcd1c41ddb53d6b15b0e778d0fe6
sha1
338b448b172fc47e637e82d71db0dd2c780b8137
crc32
0x924f8919
sha224
75dbeb0bb4ffa286fe8769ba6a7a5689a88496117d1da9c2a9152dce
sha256
3619977d2f4fce7ef20bf7e4c8f120008ff577743d2cea646f49079f9dc62cb4
sha384
8f3dd0e53ee4a48154ce2ccc34795b793054a94883ab21db9ed8ef2eba8a6f0dfc96394b6347ebc81c0f3c8e3b46fb49
sha512
fddf00eeeead0c52b19930b15b23527bf468b07b6c5ee5dab955dced594d42e4d88095507165edbba52fac822b04ae37694c98aa0b4cb3934b99ee09a9443947
ssdeep
49152:n9VZ7cygxr/nIiYWMf9dQnPoY20k0XgBq/bPEUpPhOZy+hz7FFUj9SD+swIOTKq5:ndcS5jKNOj+7
Community
Google
True check_circle
HashLib
False cancel
YARA
Matches
IP, win_private_profile, Dropper_Strings, Intel_Virtualization_Wizard_exe, Microsoft_Visual_Basic_v50_v60, BASE64_table, escalate_priv, SEH__vba, HasRichSignature, DebuggerException__SetConsoleCtrl, spreading_share, Microsoft_Visual_Basic_v50, create_service, antisb_threatExpert, network_dns, cred_local, network_http, win_files_operation, IsPE32, Microsoft_Visual_Basic_v50v60, win_hook, disable_dep, Microsoft_Visual_Basic_v50_additional, contentis_base64, network_tcp_socket, SEH__vectored, screenshot, win_token, win_mutex, keylogger, DebuggerCheck__GlobalFlags, Misc_Suspicious_Strings, migrate_apc, Microsoft_Visual_Basic_v50v60_additional, IsWindowsGUI, Big_Numbers5, DebuggerHiding__Thread, network_udp_sock, anti_dbg, network_tcp_listen, DebuggerCheck__QueryInfo, url, android_meterpreter, win_registry, Typical_Malware_String_Transforms, HasOverlay, network_dga, Advapi_Hash_API, Check_Dlls, System_Tools, create_com_service, powershell, Big_Numbers0

Suspicious
True check_circle

Strings
List
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>
</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
qhttp://ns.adobe.com/xap/1.0/
qhttp://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/1.1/">
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>

Foremost
Matches
0.exe, 320 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: USER32.DLL, KERNEL32.DLL, OLEAUT32.DLL, MSVBVM60.DLL, VBA6.DLL
hasFiles: True check_circle
Suspicious: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 274432
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 4096
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 122763
Suspicous: False cancel

Sections
Allowed: .text, .data, .rsrc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: False cancel
Suspicious: 4
Linker
Version: 6.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 5748
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: user32.dll, kernel32.dll, oleaut32.dll, msvbvm60.dll
hasLibs: True check_circle
Suspicious: vba6.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2018-11-30 06:35:12
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual Basic v5.0 - v6.0, Microsoft Visual Basic v5.0

Obfuscation
XOR: True check_circle
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.rsrc: 149
.text: 1

nopsequence
.text: 47

pushpopmath
.rsrc: 61
.text: 2

ss register
.rsrc: 2

garbagebytes
.rsrc: 56
.text: 1

hookdetection
.rsrc: 7

stealthimport
.rsrc: 1

software breakpoint
.rsrc: 7

fakeconditionaljumps
.rsrc: 1

programcontrolflowchange
.rsrc: 55
.text: 1

cpuinstructionsresultscomparison
.rsrc: 2
.text: 2

AVclass
mansabo
1
VirusTotal
md5
0c12fcd1c41ddb53d6b15b0e778d0fe6
sha1
338b448b172fc47e637e82d71db0dd2c780b8137
SCANS
AVG
result: Win32:Malware-gen
update: 20190906
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=88)
update: 20190906
version: 2018.9.12.1
detected: True check_circle

APEX
result: Malicious
update: 20190906
version: 5.60
detected: True check_circle

K7GW
result: Riskware ( 0040eff71 )
update: 20190906
version: 11.65.31928
detected: True check_circle

ALYac
result: Trojan.GenericKD.40799810
update: 20190906
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Malware-gen
update: 20190906
version: 18.4.3895.0
detected: True check_circle

Avira
result: TR/Dropper.Gen
update: 20190906
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/Autorunskds.AYCJ-1693
update: 20190906
version: 6.2.0.1
detected: True check_circle

DrWeb
result: Trojan.DownLoader27.17782
update: 20190906
version: 7.0.41.7240
detected: True check_circle

GData
result: Trojan.GenericKD.40799810
update: 20190906
version: A:25.23285B:26.15960
detected: True check_circle

Panda
result: Trj/CI.A
update: 20190905
version: 4.6.4.2
detected: True check_circle

VBA32
result: Trojan.Mansabo
update: 20190905
version: 4.0.0
detected: True check_circle

VIPRE
update: 20190906
version: 77674
detected: False cancel

Zoner
result: Trojan.Win32.75047
update: 20190906
version: 1.0.0.1
detected: True check_circle

ClamAV
result: Win.Malware.Mansabo-6814085-0
update: 20190905
version: 0.101.4.0
detected: True check_circle

Comodo
update: 20190906
version: 31432
detected: False cancel

F-Prot
result: W32/Autorunskds.R
update: 20190906
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Trojan.Win32.MereTam
update: 20190905
version: 0.1.5.2
detected: True check_circle

McAfee
result: GenericR-ORC!0C12FCD1C41D
update: 20190906
version: 6.0.6.653
detected: True check_circle

Rising
update: 20190906
version: 25.0.0.24
detected: False cancel

Sophos
result: Troj/Trikbot-DK
update: 20190906
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.Mansabo!
update: 20190822
version: 5.5.2.24
detected: True check_circle

Zillya
result: Trojan.Mansabo.Win32.795
update: 20190905
version: 2.0.0.3894
detected: True check_circle

Acronis
result: suspicious
update: 20190904
version: 1.1.1.56
detected: True check_circle

Alibaba
result: Trojan:Win32/Mansabo.f2a58b92
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Generic.D26E8E42
update: 20190906
version: 1.0.0.856
detected: True check_circle

Cylance
result: Unsafe
update: 20190906
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20190819
version: 3.0.14
detected: True check_circle

FireEye
result: Generic.mg.0c12fcd1c41ddb53
update: 20190906
version: 29.7.0.0
detected: True check_circle

TACHYON
update: 20190906
version: 2019-09-06.01
detected: False cancel

Tencent
result: Win32.Trojan.Mansabo.Eyc
update: 20190906
version: 1.0.0.1
detected: True check_circle

ViRobot
result: Trojan.Win32.Mansabo.327680
update: 20190905
version: 2014.3.20.0
detected: True check_circle

Webroot
result: W32.Trojan.Gen
update: 20190906
version: 1.0.0.403
detected: True check_circle

eGambit
result: Trojan.Generic
update: 20190906
version: v5.0.5
detected: True check_circle

Ad-Aware
result: Trojan.GenericKD.40799810
update: 20190906
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.Win32.Mansabo.4!c
update: 20190906
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.GenericKD.40799810 (B)
update: 20190906
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/Dropper.Gen
update: 20190905
version: 12.0.86.52
detected: True check_circle

Fortinet
result: W32/Injector.ECAS!tr
update: 20190906
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20190904
version: 6.3.6.26157
detected: True check_circle

Jiangmin
result: Trojan.Mansabo.ade
update: 20190906
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20190906
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20190906
version: 1.0
detected: True check_circle

Symantec
result: ML.Attribute.HighConfidence
update: 20190906
version: 1.10.0.0
detected: True check_circle

Trapmine
result: suspicious.low.ml.score
update: 20190826
version: 3.1.81.800
detected: True check_circle

AhnLab-V3
result: Trojan/Win32.Mansabo.C2876326
update: 20190906
version: 3.16.1.25089
detected: True check_circle

Antiy-AVL
result: Trojan/Win32.Mansabo
update: 20190906
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Trojan.Win32.Mansabo.bqn
update: 20190906
version: 15.0.1.13
detected: True check_circle

Microsoft
result: Trojan:Win32/Skeeyah.A!bit
update: 20190906
version: 1.1.16300.1
detected: True check_circle

Qihoo-360
result: HEUR/QVM03.0.B2C7.Malware.Gen
update: 20190906
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: Trojan.Win32.Mansabo.bqn
update: 20190906
version: 1.0
detected: True check_circle

Cybereason
result: malicious.1c41dd
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of Win32/Injector.ECAS
update: 20190906
version: 19974
detected: True check_circle

TrendMicro
update: 20190906
version: 11.0.0.1006
detected: False cancel

BitDefender
result: Trojan.GenericKD.40799810
update: 20190906
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_90% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Riskware ( 0040eff71 )
update: 20190906
version: 11.65.31928
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20190807
version: 1.0.31.22
detected: True check_circle

Avast-Mobile
update: 20190905
version: 190905-02
detected: False cancel

Malwarebytes
result: Trojan.TrickBot
update: 20190906
version: 2.1.1.1115
detected: True check_circle

TotalDefense
update: 20190906
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Trojan.Meretam
update: 20190905
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.Mansabo.fkugnc
update: 20190906
version: 1.0.134.24859
detected: True check_circle

MicroWorld-eScan
result: Trojan.GenericKD.40799810
update: 20190906
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20190830
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.vh
update: 20190906
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
update: 20190906
version: 10.0.0.1040
detected: False cancel

total
69
sha256
3619977d2f4fce7ef20bf7e4c8f120008ff577743d2cea646f49079f9dc62cb4
scan_id
3619977d2f4fce7ef20bf7e4c8f120008ff577743d2cea646f49079f9dc62cb4-1567748838
resource
0c12fcd1c41ddb53d6b15b0e778d0fe6
positives
57
scan_date
2019-09-06 05:47:18
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
19/10/2019 - 5:45:42.715Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:42.715Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:42.731Open1480C:\malware.exeC:\Windows\SysWOW64\VB6PT.DLL
19/10/2019 - 5:45:42.731Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 5:45:42.731Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 5:45:42.731Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:42.731Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:42.778Open1480C:\malware.exeC:\malware.exe.cfg
19/10/2019 - 5:45:42.778Open1480C:\malware.exeC:\SXS.DLL
19/10/2019 - 5:45:42.778Open1480C:\malware.exeC:\Windows\SysWOW64\sxs.dll
19/10/2019 - 5:45:42.778Open1480C:\malware.exeC:\Windows\SysWOW64\sxs.dll
19/10/2019 - 5:45:42.778Open1480C:\malware.exeC:\Windows\System32\C_932.NLS
19/10/2019 - 5:45:42.778Open1480C:\malware.exeC:\Windows\System32\C_949.NLS
19/10/2019 - 5:45:42.778Open1480C:\malware.exeC:\Windows\System32\C_950.NLS
19/10/2019 - 5:45:42.778Open1480C:\malware.exeC:\Windows\System32\C_936.NLS
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\CRYPTSP.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:42.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:42.809Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:42.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:42.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:42.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:42.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:42.809Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:42.809Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:42.809Open1480C:\malware.exeC:\dwmapi.dll
19/10/2019 - 5:45:42.809Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
19/10/2019 - 5:45:42.809Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
19/10/2019 - 5:45:42.809Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
19/10/2019 - 5:45:42.809Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
19/10/2019 - 5:45:42.809Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
19/10/2019 - 5:45:42.809Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
19/10/2019 - 5:45:42.809Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
19/10/2019 - 5:45:42.825Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
19/10/2019 - 5:45:42.825Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll.Config
19/10/2019 - 5:45:42.825Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:42.903Open1480C:\malware.exeC:\malware.exe.Local
19/10/2019 - 5:45:42.903Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:42.903Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:42.903Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:42.903Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 5:45:42.903Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 5:45:42.903Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
19/10/2019 - 5:45:42.903Unknown1480C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
19/10/2019 - 5:45:42.903Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
19/10/2019 - 5:45:42.903Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
19/10/2019 - 5:45:42.903Open1480C:\malware.exeC:\Windows\Fonts\StaticCache.dat
19/10/2019 - 5:45:42.903Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
19/10/2019 - 5:45:42.903Open1480C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:42.903Open1480C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.450Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.450Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\
19/10/2019 - 5:45:43.450Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:43.450Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.450Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.450Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.450Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.450Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.450Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.450Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.465Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.465Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\
19/10/2019 - 5:45:43.465Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:43.465Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.465Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.465Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.465Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.465Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.465Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.481Unknown1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.481Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\
19/10/2019 - 5:45:43.481Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:43.481Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.481Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.481Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.481Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:43.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\FAQ
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf
19/10/2019 - 5:45:43.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:43.481Unknown1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.481Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf
19/10/2019 - 5:45:43.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf
19/10/2019 - 5:45:43.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.559Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.559Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:43.559Read2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:43.559Read2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:43.559Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.559Open2752C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:43.575Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:43.575Read2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:43.575Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:43.575Open2088C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:43.575Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:43.575Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:43.575Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:43.575Open2412C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:43.575Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.575Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.575Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf
19/10/2019 - 5:45:43.575Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf
19/10/2019 - 5:45:43.575Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.575Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.575Open1480C:\malware.exeC:\
19/10/2019 - 5:45:43.575Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:43.575Open1480C:\malware.exeC:\Users
19/10/2019 - 5:45:43.575Unknown1480C:\malware.exeC:\Users
19/10/2019 - 5:45:43.575Open1480C:\malware.exeC:\Users\Behemot
19/10/2019 - 5:45:43.575Unknown1480C:\malware.exeC:\Users\Behemot
19/10/2019 - 5:45:43.575Open1480C:\malware.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:43.575Unknown1480C:\malware.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:43.575Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:43.575Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:43.575Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf
19/10/2019 - 5:45:43.575Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf
19/10/2019 - 5:45:43.575Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf
19/10/2019 - 5:45:43.575Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf
19/10/2019 - 5:45:43.575Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.575Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\ui\SwDRM.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:43.590Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:43.590Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:43.606Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.606Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.606Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:43.606Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.606Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.606Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.606Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.606Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.606Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.606Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.606Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.606Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:43.606Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:43.606Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:43.606Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:43.606Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.606Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:43.606Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:43.606Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.606Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.606Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.606Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.606Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.622Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.622Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.622Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.622Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\Prefetch\MALWASE.EXE-E5579E23.pf
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows
19/10/2019 - 5:45:43.700Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Roaming\NetSf
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Roaming\NetSf\MSVBVM60.DLL
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\msvbvm60.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\msvbvm60.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.700Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.731Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.731Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.825Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:43.825Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:43.825Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\VB6PT.DLL
19/10/2019 - 5:45:43.825Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 5:45:43.825Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 5:45:43.825Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:43.825Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe.cfg
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Roaming\NetSf\SXS.DLL
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\sxs.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\sxs.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\C_932.NLS
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\C_949.NLS
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\C_950.NLS
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\C_936.NLS
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Roaming\NetSf\CRYPTSP.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:43.903Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:43.903Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:43.903Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:43.903Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:43.918Read2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:43.918Read2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Roaming\NetSf\dwmapi.dll
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\dwmapi.dll
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\dwmapi.dll
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\uxtheme.dll.Config
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Roaming\NetSf\malwase.exe.Local
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:43.918Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\WindowsShell.Manifest
19/10/2019 - 5:45:43.918Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\Fonts\StaticCache.dat
19/10/2019 - 5:45:43.918Read2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:43.918Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.981Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.981Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:43.981Unknown2412C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:43.981Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.981Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.997Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.997Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.997Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.997Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.997Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:43.997Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.997Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:43.997Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:43.997Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:43.997Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:43.997Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:43.997Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:43.997Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:44.43Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:44.43Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:44.43Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.43Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.43Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:44.90Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.90Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.90Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.90Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.90Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.90Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.90Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.90Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.90Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.90Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.106Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.122Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.122Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:44.122Read2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:44.122Read2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:44.122Open2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:44.122Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.122Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.122Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.122Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.122Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.122Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.122Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.122Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.122Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.122Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:44.137Read2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:44.137Open2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:44.137Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows\Prefetch\SC.EXE-1CF1DE92.pf
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:44.200Unknown532C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.200Read532C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:44.200Open532C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.mui
19/10/2019 - 5:45:44.200Read532C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 5:45:44.200Read532C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 5:45:44.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:44.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:44.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:44.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:44.200Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles\~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:44.200Write1480C:\malware.exeC:\Monitor\Files\DeletedFiles\~DF81EFA8B4105FED8D.TMP~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:44.200Delete1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:44.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:44.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\~DF81EFA8B4105FED8D.TMP~DF81EFA8B4105FED8D.TMP
19/10/2019 - 5:45:44.215Open1764C:\Windows\SysWOW64\sc.exeC:\Windows\Prefetch\SC.EXE-1CF1DE92.pf
19/10/2019 - 5:45:44.215Open1764C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:44.215Open1764C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.215Open1764C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.215Open1764C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.215Open1764C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.215Open1764C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.215Open1764C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.215Open1764C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:44.215Open1764C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:44.215Unknown1764C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:44.215Open1764C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.215Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:44.247Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:44.247Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:44.293Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.293Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.293Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.293Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:44.293Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:44.293Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:44.293Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:44.293Open2412C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:44.293Unknown2412C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:44.293Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.293Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.293Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:44.293Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:44.293Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:44.293Unknown2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:44.293Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:44.293Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:44.293Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:44.293Read2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:44.293Open2412C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ui\SwDRM.dll
19/10/2019 - 5:45:44.293Open1764C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.293Open1764C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.293Unknown532C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:44.293Unknown532C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.309Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:44.309Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:44.309Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:44.309Unknown1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Prefetch\POWERSHELL.EXE-767FB1AE.pf
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:44.356Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.356Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATL.DLL
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\mscoree.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.356Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui
19/10/2019 - 5:45:44.356Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.muipowershell.exe.mui
19/10/2019 - 5:45:44.356Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:44.372Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 5:45:44.372Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 5:45:44.372Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:44.372Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:44.372Open1764C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.mui
19/10/2019 - 5:45:44.372Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.372Unknown2088C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.450Unknown1764C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:44.450Unknown1764C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.450Unknown1764C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 5:45:44.465Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:44.465Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:44.465Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:44.465Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:44.465Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:44.465Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:44.465Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:44.465Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 5:45:44.465Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 5:45:44.465Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.Manifest
19/10/2019 - 5:45:44.465Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
19/10/2019 - 5:45:44.465Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:44.465Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:44.465Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 5:45:44.465Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 5:45:44.465Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 5:45:44.465Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.512Read2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.512Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.512Read2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.528Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:44.528Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.528Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.528Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.528Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.528Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.528Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.528Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.528Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.528Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\
19/10/2019 - 5:45:44.528Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\
19/10/2019 - 5:45:44.528Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows
19/10/2019 - 5:45:44.528Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows
19/10/2019 - 5:45:44.528Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.528Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.528Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.528Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.528Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.528Read2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.528Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:44.543Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:44.543Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:44.543Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32
19/10/2019 - 5:45:44.543Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32
19/10/2019 - 5:45:44.543Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\svchost.exe
19/10/2019 - 5:45:44.543Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\svchost.exe
19/10/2019 - 5:45:44.543Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\svchost.exe
19/10/2019 - 5:45:44.543Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\System32\svchost.exe
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:44.543Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.543Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:44.543Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:44.543Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:44.543Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.543Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 5:45:44.543Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:44.543Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:44.543Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:44.543Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:44.543Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini
19/10/2019 - 5:45:44.543Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:44.543Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 5:45:44.559Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 5:45:44.559Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 5:45:44.559Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\desktop.ini
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:44.559Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:44.559Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 5:45:44.559Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 5:45:44.575Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 5:45:44.575Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
19/10/2019 - 5:45:44.575Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 5:45:44.575Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\apphelp.dll
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.575Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.590Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.650Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:44.650Read2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:44.650Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:44.650Open2488C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:44.650Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.650Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.651Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.651Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:44.651Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:44.651Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:44.651Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:44.651Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:44.651Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:44.651Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:44.651Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:44.652Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:44.652Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:44.652Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:44.652Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:44.652Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.652Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:44.653Read2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:44.653Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:44.653Open2600C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:44.653Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.653Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.653Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.653Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:44.653Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:44.653Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:44.654Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:44.654Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:44.654Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:44.654Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:44.654Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:44.654Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:44.654Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:44.654Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:44.654Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:44.655Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.655Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:44.655Read1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:44.655Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:44.655Open1672C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:44.656Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.656Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.656Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.656Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:44.656Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:44.656Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:44.656Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:44.656Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:44.656Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:44.657Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:44.657Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:44.657Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:44.657Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:44.657Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:44.657Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:44.657Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.657Open1528C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SVCHOST.EXE-3AFE2219.pf
19/10/2019 - 5:45:44.658Open1528C:\Windows\System32\svchost.exeC:\Windows\System32
19/10/2019 - 5:45:44.659Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\sechost.dll
19/10/2019 - 5:45:44.659Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\sechost.dll
19/10/2019 - 5:45:44.666Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 5:45:44.666Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 5:45:44.666Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 5:45:44.666Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 5:45:44.667Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 5:45:44.667Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\imm32.dll
19/10/2019 - 5:45:44.670Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.670Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.670Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:44.670Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:44.670Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:44.670Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:44.671Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:44.671Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.671Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.671Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.671Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.672Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.672Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.672Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:44.672Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:44.672Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:44.672Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:44.672Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:44.673Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:44.673Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:44.673Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:44.673Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 5:45:44.673Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:44.673Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 5:45:44.674Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:44.674Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:44.674Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:44.674Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.674Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.674Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:44.674Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:44.675Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.675Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.675Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:44.675Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:44.675Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:44.676Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:44.676Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:44.676Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:44.676Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:44.676Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:44.676Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:44.677Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:44.677Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.677Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.677Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:44.677Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:44.677Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:44.677Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:44.678Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 5:45:44.678Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:44.678Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.678Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.678Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:44.678Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:44.679Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:44.679Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:44.679Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.679Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.679Open1672C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:44.679Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.679Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.680Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:44.680Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:44.680Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:44.680Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.680Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.680Open1672C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:44.681Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:44.681Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:44.681Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.681Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.681Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.681Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:44.681Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:44.681Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:44.681Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:44.681Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:44.682Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:44.682Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.682Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:44.682Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.682Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:44.682Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:44.682Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:44.682Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:44.682Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:44.682Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.682Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:44.682Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:44.683Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:44.683Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.683Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:44.683Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.683Unknown1672C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:44.683Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.683Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.684Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.684Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.684Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.685Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.685Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.685Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:44.686Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.686Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.686Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.688Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.688Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.688Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.689Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.689Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.689Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:44.689Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:44.689Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:44.689Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.689Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.690Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.692Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.692Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.692Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.707Unknown2752C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.708Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.708Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.708Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:44.708Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:44.708Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:44.708Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:44.708Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:44.708Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.708Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.708Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.708Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.709Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.709Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.709Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:44.709Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:44.709Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:44.709Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:44.710Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:44.710Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:44.710Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:44.710Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:44.710Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 5:45:44.710Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:44.710Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 5:45:44.711Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:44.711Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:44.711Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:44.711Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.711Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.711Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:44.712Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:44.712Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.712Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.712Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:44.712Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:44.712Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:44.713Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:44.713Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:44.713Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:44.713Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:44.713Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:44.713Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:44.713Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:44.714Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.714Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.714Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:44.714Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:44.714Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:44.714Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:44.715Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 5:45:44.715Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:44.715Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.715Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.715Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:44.715Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:44.716Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:44.716Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:44.716Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.716Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.716Open2488C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:44.716Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.717Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.717Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:44.717Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:44.717Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:44.717Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.717Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.718Open2488C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:44.718Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:44.718Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:44.718Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.718Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.718Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.718Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:44.718Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:44.718Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:44.719Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:44.719Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:44.719Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:44.719Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.719Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:44.719Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.719Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:44.719Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:44.719Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:44.719Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:44.719Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:44.719Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.720Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:44.720Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:44.720Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:44.720Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.720Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:44.720Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.720Unknown2488C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:44.720Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.721Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.721Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.721Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.721Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.722Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.722Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.722Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:44.723Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.723Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.723Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.725Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.725Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.725Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:44.725Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:44.726Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:44.726Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:44.726Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:44.726Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.726Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.726Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.726Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.727Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.727Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.727Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:44.727Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:44.727Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:44.727Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:44.728Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:44.728Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:44.728Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:44.728Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:44.728Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 5:45:44.728Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:44.729Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 5:45:44.729Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:44.729Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:44.729Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:44.729Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.729Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.729Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:44.730Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:44.730Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.730Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.730Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:44.730Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:44.730Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:44.730Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:44.731Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:44.731Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:44.731Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:44.731Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:44.731Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:44.731Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:44.732Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.732Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.732Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:44.732Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:44.732Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:44.732Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:44.733Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 5:45:44.733Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:44.733Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.733Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.733Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:44.733Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:44.733Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:44.734Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:44.734Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.734Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.734Open2600C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:44.734Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.734Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.734Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:44.735Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:44.735Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:44.735Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.735Open2600C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:44.735Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:44.736Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:44.736Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.736Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.736Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.736Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:44.736Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:44.736Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:44.736Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:44.736Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:44.736Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:44.736Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:44.737Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:44.738Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.738Unknown2600C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:44.738Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.738Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.738Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:44.739Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.739Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:44.739Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.740Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:44.740Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:44.740Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.741Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:44.741Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.765Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\winhttp.dll
19/10/2019 - 5:45:44.765Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\winhttp.dll
19/10/2019 - 5:45:44.766Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\webio.dll
19/10/2019 - 5:45:44.766Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\webio.dll
19/10/2019 - 5:45:44.768Open1528C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\NetSf\IPHLPAPI.dll
19/10/2019 - 5:45:44.768Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\IPHLPAPI.DLL
19/10/2019 - 5:45:44.768Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\IPHLPAPI.DLL
19/10/2019 - 5:45:44.768Open1528C:\Windows\System32\svchost.exeC:\Users\Behemot\AppData\Roaming\NetSf\WINNSI.DLL
19/10/2019 - 5:45:44.769Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\winnsi.dll
19/10/2019 - 5:45:44.769Open1528C:\Windows\System32\svchost.exeC:\Windows\System32\winnsi.dll
19/10/2019 - 5:45:44.970Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.971Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.972Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.972Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.972Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.972Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.978Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.979Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.980Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:44.980Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.1Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:45.1Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:45.1Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:45.1Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:45.2Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:45.2Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:45:45.2Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:45:45.3Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:45:45.3Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 5:45:45.3Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 5:45:45.4Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
19/10/2019 - 5:45:45.4Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
19/10/2019 - 5:45:45.5Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
19/10/2019 - 5:45:45.6Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
19/10/2019 - 5:45:45.11Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.12Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.13Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.16Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.16Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.17Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.18Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.19Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.20Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.21Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.22Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.23Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.24Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
19/10/2019 - 5:45:45.24Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
19/10/2019 - 5:45:45.24Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.24Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.24Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.25Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.25Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.25Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.25Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:45.25Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:45.25Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:45.26Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:45.26Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:45.26Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:45.26Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 5:45:45.26Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 5:45:45.26Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 5:45:45.27Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 5:45:45.27Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 5:45:45.27Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 5:45:45.29Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.29Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:45.29Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.29Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.29Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.30Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.30Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.30Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:45.30Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:45.30Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.30Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.30Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.33Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.33Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.33Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.35Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.35Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.36Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.36Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.36Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.37Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.108Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.110Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.110Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.122Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:45.123Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:45.124Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:45.124Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:45.125Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.125Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.126Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.126Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.126Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.126Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.128Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.128Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.129Open2488C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:45.129Unknown2488C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:45.129Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.129Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.129Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.129Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.130Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.130Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.130Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.130Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.130Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.130Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.131Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:45.131Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:45.131Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.131Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.131Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:45.131Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:45.132Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:45.132Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:45.133Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:45.133Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.133Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.133Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:45.134Open2488C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:45.134Unknown2488C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:45.134Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.134Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.134Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.134Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.134Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.136Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.137Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:45.137Read2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:45.140Open2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:45.154Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:45.155Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:45.156Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:45.156Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:45.158Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.158Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.158Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.158Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.159Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.159Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.161Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.161Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.161Open1672C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:45.161Unknown1672C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:45.161Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.161Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.162Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.162Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.162Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.162Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.163Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.163Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.163Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.163Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.163Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.163Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.163Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.163Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.164Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.164Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.164Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:45.164Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:45.164Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:45.164Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:45.164Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:45.164Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:45.165Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:45.165Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:45.165Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:45.165Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:45.165Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:45.165Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:45.165Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:45.165Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:45.166Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.166Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.166Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:45.175Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:45.175Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:45.176Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:45.177Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:45.178Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.178Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.179Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.179Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.179Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.179Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.181Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.182Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.182Open2600C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:45.182Unknown2600C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:45.182Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.182Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.182Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.183Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.183Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.183Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.183Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.184Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.184Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.184Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.184Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:45.184Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:45.184Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.185Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.185Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:45.185Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:45.185Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:45.186Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:45.186Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:45.187Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.187Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.187Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:45.187Open2600C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:45.187Unknown2600C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:45.187Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.187Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.187Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.188Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.188Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.190Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.190Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:45.190Read2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:45.193Open2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:45.260Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:45.261Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:45.261Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:45.261Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:45.262Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:45.262Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:45.262Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:45.262Open1672C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:45.262Unknown1672C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:45.262Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.262Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.262Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:45.263Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:45.263Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:45.263Unknown1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:45.263Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:45.263Read1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:45.266Open1672C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ui\SwDRM.dll
19/10/2019 - 5:45:45.271Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\Prefetch\SC.EXE-1CF1DE92.pf
19/10/2019 - 5:45:45.272Open2860C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:45.272Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:45.272Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:45.273Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:45.273Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:45.273Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:45.274Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:45.274Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:45.274Open2860C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:45.275Unknown2860C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:45.275Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.276Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:45.278Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:45.280Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 5:45:45.281Open2860C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.mui
19/10/2019 - 5:45:45.282Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\Prefetch\SC.EXE-1CF1DE92.pf
19/10/2019 - 5:45:45.282Open2272C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:45.282Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:45.283Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:45.283Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:45.283Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:45.284Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:45.284Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:45.284Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:45.285Open2272C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:45.285Unknown2272C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:45.285Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.287Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:45.287Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:45.292Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 5:45:45.293Open2272C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.mui
19/10/2019 - 5:45:45.336Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Prefetch\POWERSHELL.EXE-767FB1AE.pf
19/10/2019 - 5:45:45.336Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:45.336Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:45.337Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:45.337Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:45.338Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:45.338Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:45.338Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:45.339Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:45.339Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:45.340Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:45.340Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.341Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:45.342Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:45.343Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATL.DLL
19/10/2019 - 5:45:45.343Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
19/10/2019 - 5:45:45.343Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
19/10/2019 - 5:45:45.344Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\mscoree.dll
19/10/2019 - 5:45:45.345Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
19/10/2019 - 5:45:45.345Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
19/10/2019 - 5:45:45.346Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.347Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.348Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.348Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.348Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.348Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:45.350Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui
19/10/2019 - 5:45:45.351Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:45.352Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:45.352Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:45.352Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:45.352Open2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Monitor\Files\DeletedFiles\~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:45.353Write2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Monitor\Files\DeletedFiles\~DF31CC31137265C3F1.TMP~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:45.352Delete2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:45.354Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:45.354Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Local\Temp\~DF31CC31137265C3F1.TMP~DF31CC31137265C3F1.TMP
19/10/2019 - 5:45:45.356Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 5:45:45.356Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 5:45:45.384Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.384Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.384Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.384Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.384Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.385Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.385Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:45.385Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:45.385Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:45.385Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:45.385Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:45.386Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:45.386Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 5:45:45.386Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 5:45:45.386Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 5:45:45.386Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 5:45:45.453Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:45.453Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:45.468Unknown2860C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:45.468Unknown2860C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.468Unknown2860C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
19/10/2019 - 5:45:45.468Unknown2860C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 5:45:45.468Unknown2272C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:45.468Unknown2272C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.468Unknown2272C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
19/10/2019 - 5:45:45.468Unknown2272C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 5:45:45.468Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows
19/10/2019 - 5:45:45.468Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Users\Behemot\AppData\Roaming\NetSf
19/10/2019 - 5:45:45.468Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:45.468Unknown2828C:\Users\Behemot\AppData\Roaming\NetSf\malwase.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
19/10/2019 - 5:45:45.546Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:45.546Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.546Unknown2488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.546Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:45.546Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:45.546Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:45.546Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:45.546Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:45.546Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:45.546Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 5:45:45.546Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 5:45:45.546Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:45.546Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 5:45:45.546Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:45.546Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:45.546Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 5:45:45.562Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:45.562Unknown2600C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.562Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.Manifest
19/10/2019 - 5:45:45.562Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
19/10/2019 - 5:45:45.562Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:45.562Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:45.562Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 5:45:45.562Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 5:45:45.562Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 5:45:45.562Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 5:45:45.562Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:45.562Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:45.562Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.562Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.562Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:45.562Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:45.562Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:45.562Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:45.562Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:45.562Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:45.562Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.562Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.562Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
19/10/2019 - 5:45:45.562Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 5:45:45.578Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 5:45:45.578Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 5:45:45.578Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 5:45:45.578Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\desktop.ini
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:45.578Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:45.578Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 5:45:45.578Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 5:45:45.593Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:45.593Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:45.593Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.593Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.593Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:45.593Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:45.593Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:45.593Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:45.593Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:45.593Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:45.593Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:45.593Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:45.593Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 5:45:45.593Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 5:45:45.593Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
19/10/2019 - 5:45:45.593Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
19/10/2019 - 5:45:45.593Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.593Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.593Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.593Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.593Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.593Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.593Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
19/10/2019 - 5:45:45.609Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.609Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.609Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 5:45:45.609Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
19/10/2019 - 5:45:45.609Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 5:45:45.609Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\apphelp.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:45.609Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:45:45.609Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.609Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 5:45:45.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.703Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
19/10/2019 - 5:45:45.703Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
19/10/2019 - 5:45:45.703Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.703Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.703Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.703Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:45.703Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.703Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.703Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.703Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:45.703Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.703Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:45.703Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:45.703Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:45.703Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:45.703Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:45.703Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:45.703Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:45.703Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 5:45:45.703Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 5:45:45.703Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 5:45:45.703Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 5:45:45.734Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:45.734Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 5:45:45.734Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.781Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:45.781Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:45.781Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:45.781Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:45.781Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:45.781Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 5:45:45.781Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 5:45:45.781Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 5:45:45.781Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:45.781Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\LINKINFO.dll
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
19/10/2019 - 5:45:45.781Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.781Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.781Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntshrui.dll
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:45.781Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:45.781Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:45.781Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:45.781Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\srvcli.dll
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 5:45:45.781Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 5:45:45.781Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:45.781Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:45.781Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:45.781Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:45.781Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:45.781Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:45.781Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 5:45:45.781Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 5:45:45.781Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 5:45:45.781Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 5:45:45.781Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 5:45:45.781Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 5:45:45.781Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 5:45:45.781Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 5:45:45.781Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:45.781Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:45.796Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\LINKINFO.dll
19/10/2019 - 5:45:45.796Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
19/10/2019 - 5:45:45.796Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
19/10/2019 - 5:45:45.796Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.796Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:45.796Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntshrui.dll
19/10/2019 - 5:45:45.796Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:45.796Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:45.796Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\srvcli.dll
19/10/2019 - 5:45:45.796Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 5:45:45.796Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 5:45:45.859Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\cscapi.dll
19/10/2019 - 5:45:45.859Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 5:45:45.859Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 5:45:45.859Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\cscapi.dll
19/10/2019 - 5:45:45.859Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 5:45:45.921Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 5:45:46.62Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\slc.dll
19/10/2019 - 5:45:46.62Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 5:45:46.62Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 5:45:46.62Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\slc.dll
19/10/2019 - 5:45:46.62Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 5:45:46.62Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 5:45:46.156Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.203Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.203Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.203Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:46.203Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:46.203Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:46.203Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:46.203Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:46.203Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 5:45:46.203Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.203Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.203Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 5:45:46.265Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.265Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.265Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.265Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.265Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.265Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exepowershell_ise.exe
19/10/2019 - 5:45:46.265Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.265Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.265Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.265Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.265Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.265Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.265Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\hh.exe
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exepowershell_ise.exe
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.312Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.312Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\hh.exe
19/10/2019 - 5:45:46.356Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.356Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.356Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.356Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.357Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.357Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:46.357Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\CRYPTSP.dll
19/10/2019 - 5:45:46.357Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 5:45:46.357Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 5:45:46.358Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.358Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.359Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.359Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.359Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.359Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.360Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.360Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.360Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.360Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.365Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.366Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.366Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YCGUSEHXK1F5EN5RAFUN.temp
19/10/2019 - 5:45:46.367Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YCGUSEHXK1F5EN5RAFUN.temp
19/10/2019 - 5:45:46.367Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.367Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.367Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.367Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.367Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.368Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:46.430Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\CRYPTSP.dll
19/10/2019 - 5:45:46.430Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 5:45:46.430Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 5:45:46.431Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.431Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.431Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.432Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.432Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.432Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.432Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.432Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.433Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.433Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.438Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.438Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:46.439Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R379AFCZ601X5WTG7KWK.temp
19/10/2019 - 5:45:46.439Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R379AFCZ601X5WTG7KWK.temp
19/10/2019 - 5:45:46.478Write1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YCGUSEHXK1F5EN5RAFUN.tempYCGUSEHXK1F5EN5RAFUN.temp
19/10/2019 - 5:45:46.478Write2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R379AFCZ601X5WTG7KWK.tempR379AFCZ601X5WTG7KWK.temp
19/10/2019 - 5:45:46.479Write2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R379AFCZ601X5WTG7KWK.tempR379AFCZ601X5WTG7KWK.temp
19/10/2019 - 5:45:46.479Write2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R379AFCZ601X5WTG7KWK.tempR379AFCZ601X5WTG7KWK.temp
19/10/2019 - 5:45:46.479Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R379AFCZ601X5WTG7KWK.tempR379AFCZ601X5WTG7KWK.temp
19/10/2019 - 5:45:46.479Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 5:45:46.479Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R379AFCZ601X5WTG7KWK.temp
19/10/2019 - 5:45:46.479Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:46.480Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R379AFCZ601X5WTG7KWK.tempR379AFCZ601X5WTG7KWK.temp
19/10/2019 - 5:45:46.480Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:46.518Write1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YCGUSEHXK1F5EN5RAFUN.tempYCGUSEHXK1F5EN5RAFUN.temp
19/10/2019 - 5:45:46.519Write1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YCGUSEHXK1F5EN5RAFUN.tempYCGUSEHXK1F5EN5RAFUN.temp
19/10/2019 - 5:45:46.519Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YCGUSEHXK1F5EN5RAFUN.tempYCGUSEHXK1F5EN5RAFUN.temp
19/10/2019 - 5:45:46.519Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 5:45:46.519Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-msd93f411851d7c929.customDestinations-ms
19/10/2019 - 5:45:46.519Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 5:45:46.519Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 5:45:46.520Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YCGUSEHXK1F5EN5RAFUN.temp
19/10/2019 - 5:45:46.520Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YCGUSEHXK1F5EN5RAFUN.tempYCGUSEHXK1F5EN5RAFUN.temp
19/10/2019 - 5:45:46.520Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntmarta.dll
19/10/2019 - 5:45:46.520Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntmarta.dll
19/10/2019 - 5:45:46.520Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntmarta.dll
19/10/2019 - 5:45:46.521Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:46.521Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:46.521Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:46.522Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:46.522Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF110f6e.TMP
19/10/2019 - 5:45:46.522Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF110f6e.TMPd93f411851d7c929.customDestinations-ms~RF110f6e.TMP
19/10/2019 - 5:45:46.522Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:46.522Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-msd93f411851d7c929.customDestinations-ms
19/10/2019 - 5:45:46.523Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:46.523Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:46.523Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YCGUSEHXK1F5EN5RAFUN.tempYCGUSEHXK1F5EN5RAFUN.temp
19/10/2019 - 5:45:46.523Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:46.524Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF110f6e.TMP
19/10/2019 - 5:45:46.524Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 5:45:46.524Delete1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF110f6e.TMP
19/10/2019 - 5:45:46.525Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:46.563Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:46.563Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll.local
19/10/2019 - 5:45:46.564Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 5:45:46.564Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 5:45:46.564Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
19/10/2019 - 5:45:46.564Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
19/10/2019 - 5:45:46.565Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
19/10/2019 - 5:45:46.565Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 5:45:46.565Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 5:45:46.565Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 5:45:46.600Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll.local
19/10/2019 - 5:45:46.600Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 5:45:46.600Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 5:45:46.601Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
19/10/2019 - 5:45:46.601Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
19/10/2019 - 5:45:46.601Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
19/10/2019 - 5:45:46.601Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 5:45:46.602Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 5:45:46.602Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 5:45:46.602Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 5:45:46.637Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 5:45:47.417Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 5:45:47.428Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:47.428Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:47.429Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:47.429Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:47.429Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 5:45:47.429Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 5:45:47.431Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 5:45:47.431Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:47.431Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:47.431Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:47.431Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:47.431Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:47.432Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:47.428Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 5:45:47.433Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:47.433Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:47.433Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:47.433Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:47.434Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 5:45:47.434Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 5:45:47.435Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 5:45:47.435Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:47.435Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:47.435Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:47.435Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:47.436Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:47.436Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:47.533Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 5:45:47.534Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:47.534Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:47.536Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:47.536Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:47.536Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:47.536Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:47.537Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
19/10/2019 - 5:45:47.539Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
19/10/2019 - 5:45:47.544Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
19/10/2019 - 5:45:47.544Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
19/10/2019 - 5:45:47.544Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
19/10/2019 - 5:45:47.544Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
19/10/2019 - 5:45:47.545Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:47.546Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:47.546Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:47.546Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:47.546Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:47.546Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:47.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
19/10/2019 - 5:45:47.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
19/10/2019 - 5:45:47.549Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
19/10/2019 - 5:45:47.552Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
19/10/2019 - 5:45:47.554Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.554Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
19/10/2019 - 5:45:47.554Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.554Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.556Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.557Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.557Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.557Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.558Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.558Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.558Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.559Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.559Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.559Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.559Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.560Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.560Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.560Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.561Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.561Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.561Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.562Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.562Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.562Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.564Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.564Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.564Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.565Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.567Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.567Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.568Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.569Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.569Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.570Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.570Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.570Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.571Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:47.572Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:47.573Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:47.573Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.573Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.574Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.574Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.574Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.575Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.575Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.576Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.576Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.576Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.577Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.577Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.578Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.579Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.579Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.580Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.580Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.581Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.582Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.582Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.582Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.583Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.583Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.583Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.583Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
19/10/2019 - 5:45:47.584Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.584Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.585Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.585Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.587Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.587Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.588Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.589Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.597Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.597Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.597Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.602Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.602Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.602Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.603Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.603Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.609Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.610Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.637Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.637Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.638Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.638Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.638Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 5:45:47.639Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.639Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:47.640Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:47.640Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:47.640Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:47.640Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:47.640Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:47.640Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
19/10/2019 - 5:45:47.641Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
19/10/2019 - 5:45:47.642Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
19/10/2019 - 5:45:47.642Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
19/10/2019 - 5:45:47.642Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
19/10/2019 - 5:45:47.643Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
19/10/2019 - 5:45:47.643Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:47.643Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:47.644Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:47.644Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:47.644Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:47.644Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:47.644Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
19/10/2019 - 5:45:47.644Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
19/10/2019 - 5:45:47.645Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.645Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
19/10/2019 - 5:45:47.646Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
19/10/2019 - 5:45:47.646Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.646Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
19/10/2019 - 5:45:47.647Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.647Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:47.647Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:47.647Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:47.648Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
19/10/2019 - 5:45:47.687Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.722Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.762Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.796Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:47.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.0Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.47Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.94Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.141Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.235Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.282Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.391Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.547Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.594Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.641Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.735Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.782Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.922Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:48.969Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.63Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.157Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.204Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.250Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.344Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.391Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
19/10/2019 - 5:45:49.391Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.438Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
19/10/2019 - 5:45:50.47Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.141Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.188Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\pt-br.nlp
19/10/2019 - 5:45:50.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
19/10/2019 - 5:45:50.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\pubpol4.dat
19/10/2019 - 5:45:50.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
19/10/2019 - 5:45:50.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 5:45:50.329Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 5:45:50.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\pt-br.nlp
19/10/2019 - 5:45:50.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
19/10/2019 - 5:45:50.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\pubpol4.dat
19/10/2019 - 5:45:50.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
19/10/2019 - 5:45:50.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 5:45:50.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 5:45:50.375Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.375Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.375Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.375Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.375Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:50.469Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.422Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.657Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.657Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.657Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.657Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.704Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.704Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.750Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.750Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.750Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.797Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.797Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.797Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.797Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.797Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.797Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:50.797Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.797Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.797Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.797Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.797Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.797Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.797Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.813Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.813Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 5:45:50.813Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 5:45:50.813Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 5:45:50.813Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:50.813Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:50.813Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:50.813Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:50.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.860Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.860Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:50.860Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:50.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.860Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.860Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.860Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:50.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 5:45:50.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 5:45:50.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.875Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.875Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:50.875Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:50.875Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:50.875Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 5:45:50.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.875Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:50.875Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:50.875Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:50.875Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:50.875Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.875Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:50.875Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:50.938Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:50.938Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:50.938Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\BVTBin\Tests\installpackage\csilogfile.log
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:50.938Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 5:45:50.938Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:50.938Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 5:45:50.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.0Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.0Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\BVTBin\Tests\installpackage\csilogfile.log
19/10/2019 - 5:45:51.0Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.0Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 5:45:51.47Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.47Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 5:45:51.94Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.188Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.375Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.422Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.469Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.516Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.563Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.610Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.657Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.750Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.938Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:51.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.32Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.32Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:52.32Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:52.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.79Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.32Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:52.79Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.79Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:52.125Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.172Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.266Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.266Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.266Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.266Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.313Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.313Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:52.407Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.407Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\version.dll
19/10/2019 - 5:45:52.407Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 5:45:52.407Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 5:45:52.407Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:52.407Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.407Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:52.407Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.407Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\l_intl.nls
19/10/2019 - 5:45:52.407Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.407Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:52.438Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
19/10/2019 - 5:45:52.438Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.454Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.454Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.454Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:52.454Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
19/10/2019 - 5:45:52.454Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.454Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
19/10/2019 - 5:45:52.454Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.454Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:52.500Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.500Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\version.dll
19/10/2019 - 5:45:52.500Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.500Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:52.500Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.500Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:52.500Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:52.500Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\l_intl.nls
19/10/2019 - 5:45:52.500Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 5:45:52.500Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
19/10/2019 - 5:45:52.516Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
19/10/2019 - 5:45:52.500Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:52.516Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:52.516Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.516Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
19/10/2019 - 5:45:52.516Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
19/10/2019 - 5:45:52.516Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
19/10/2019 - 5:45:52.516Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.516Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
19/10/2019 - 5:45:52.516Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.516Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:52.516Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:52.579Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.672Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.719Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.766Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.813Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:52.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:53.0Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:53.47Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:53.94Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.141Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:53.188Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:53.235Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.282Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.516Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.610Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.657Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:53.657Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.657Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:53.657Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.657Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:53.657Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.657Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.704Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:53.704Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.704Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:53.704Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.704Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:53.704Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.719Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.719Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.719Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.719Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.719Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.719Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.719Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.719Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.719Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.719Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.719Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.719Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.719Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.719Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 5:45:53.719Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 5:45:53.719Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 5:45:53.719Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
19/10/2019 - 5:45:53.719Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.719Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
19/10/2019 - 5:45:53.719Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.735Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.750Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.750Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.750Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.750Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.750Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.750Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.750Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 5:45:53.750Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 5:45:53.750Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 5:45:53.750Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
19/10/2019 - 5:45:53.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.844Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.844Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
19/10/2019 - 5:45:53.844Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:45:53.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:53.907Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.907Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.907Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.907Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:45:53.907Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.907Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.922Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.922Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.922Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.922Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.922Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.922Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.922Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.922Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.922Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.922Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.922Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.922Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.922Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:45:53.922Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:45:53.922Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.922Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:45:53.922Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.922Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.922Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:53.922Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.922Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.922Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.922Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.922Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.922Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.922Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.922Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.922Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.969Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.969Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.969Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.969Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.969Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:53.969Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.969Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:45:53.969Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.969Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.969Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.969Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.985Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:45:53.985Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:45:53.985Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.985Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:45:53.985Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.985Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:45:53.985Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.985Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:53.985Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.985Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.985Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.985Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.985Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.985Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:45:53.985Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:54.47Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:54.94Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:54.141Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:54.188Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:54.235Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:54.282Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:54.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:54.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:54.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:54.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.516Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:54.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:54.610Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:54.657Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:54.704Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.750Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:54.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.985Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.79Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.172Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
19/10/2019 - 5:45:55.125Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
19/10/2019 - 5:45:55.219Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.219Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
19/10/2019 - 5:45:55.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.313Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.313Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
19/10/2019 - 5:45:55.313Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.407Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.454Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.454Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.454Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.454Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:55.454Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:55.454Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.454Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.500Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.500Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:55.500Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:55.547Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:45:55.547Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.594Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.594Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:45:55.688Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.735Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:45:55.735Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:45:55.735Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.735Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:45:55.735Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.735Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.782Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:45:55.782Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.782Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.782Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:55.782Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:55.782Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:55.782Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:55.782Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.782Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:45:55.782Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:45:55.782Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.782Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.782Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:45:55.782Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.782Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:45:55.782Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.782Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:45:55.782Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.782Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:55.782Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:55.782Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:55.782Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:55.782Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:45:55.782Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.829Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:55.829Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.829Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.829Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.829Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.844Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.844Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.844Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.844Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.844Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.844Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:55.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:55.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:55.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:55.844Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.844Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.844Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.844Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.844Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.860Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.860Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.860Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.860Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.860Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.860Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.860Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.860Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.907Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:45:55.907Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.907Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.907Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.907Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.907Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.907Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.907Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.907Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.907Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.907Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.907Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.907Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.907Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:45:55.922Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.922Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.922Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.922Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.922Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.922Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.922Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:55.922Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.922Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.922Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.922Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.922Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.922Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:45:55.922Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
19/10/2019 - 5:45:55.860Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
19/10/2019 - 5:45:56.16Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.16Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
19/10/2019 - 5:45:56.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.63Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.63Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
19/10/2019 - 5:45:56.63Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.157Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.204Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.204Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.204Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.204Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.204Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:56.204Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:56.204Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.204Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.204Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.204Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.204Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.204Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.250Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.250Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:56.250Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:56.297Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:56.297Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.313Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:56.313Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:56.313Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:56.313Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:56.313Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.313Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.313Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en.nlp
19/10/2019 - 5:45:56.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
19/10/2019 - 5:45:56.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:56.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:56.329Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:56.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.329Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:45:56.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:56.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:56.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:56.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:56.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:56.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:56.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:45:56.391Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en.nlp
19/10/2019 - 5:45:56.391Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
19/10/2019 - 5:45:56.391Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:56.391Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:56.391Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:56.391Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.391Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.438Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.438Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.485Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.485Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:56.485Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:56.485Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.485Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.485Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.485Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.485Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.485Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.485Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.485Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:56.485Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:56.485Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:56.485Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.485Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:56.485Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:56.500Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.500Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:56.500Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:56.500Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:56.500Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:56.500Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:56.547Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:56.547Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:56.547Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:56.547Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.547Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:56.547Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:56.547Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:56.547Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:56.547Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:56.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.563Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.563Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.563Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.563Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.563Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:45:56.579Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:56.579Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:56.579Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:56.579Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:56.579Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:56.641Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:56.688Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:56.735Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:56.782Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:56.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:56.875Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.922Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:56.969Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:57.47Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:57.94Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:45:57.141Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.188Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.235Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.282Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.516Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.610Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.657Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.704Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.750Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:57.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:57.985Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:58.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.157Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.204Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.250Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.297Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.344Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.391Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.485Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.579Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:58.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.672Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.719Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.766Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.813Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:45:58.907Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:59.0Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:59.47Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:59.94Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:59.141Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:45:59.235Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.188Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.329Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.329Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.469Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.469Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.516Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.610Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.610Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.610Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.610Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.657Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.750Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:59.750Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:59.750Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.750Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.750Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.797Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:45:59.813Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:59.813Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:59.813Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:59.813Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:59.813Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:59.813Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.813Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:59.813Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:59.813Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\shfolder.dll
19/10/2019 - 5:45:59.813Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 5:45:59.813Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 5:45:59.813Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
19/10/2019 - 5:45:59.829Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
19/10/2019 - 5:45:59.829Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:59.829Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:59.829Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:59.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:59.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:59.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:59.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:59.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:45:59.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:45:59.907Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\shfolder.dll
19/10/2019 - 5:45:59.907Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 5:45:59.907Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 5:45:59.907Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
19/10/2019 - 5:45:59.907Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
19/10/2019 - 5:45:59.922Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:59.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:59.969Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:59.969Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 5:46:0.16Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:0.16Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:0.16Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 5:46:0.16Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.16Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 5:46:0.16Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.16Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.16Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.16Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.32Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.32Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 5:46:0.32Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.32Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.47Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.47Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.47Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.47Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.47Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.47Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.47Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.47Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.47Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.47Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 5:46:0.47Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:0.94Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.141Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.188Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:0.235Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.282Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.579Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.625Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.672Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.719Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.766Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.813Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.985Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:0.985Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 5:46:0.985Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.16Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.16Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.16Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.16Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.16Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.16Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.16Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.16Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.32Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.32Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.32Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.32Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.32Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.32Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.32Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.110Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.110Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 5:46:1.110Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:1.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.407Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.454Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.500Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.547Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.594Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.641Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.688Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.735Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.782Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.829Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.875Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.922Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.969Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.16Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.63Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.110Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:2.157Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:2.204Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:2.250Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:2.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:2.344Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:2.391Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:2.438Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:2.485Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:2.532Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:2.579Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:2.625Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:2.672Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:2.719Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:2.766Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:2.813Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:2.860Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:2.907Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:2.954Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:3.0Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:3.0Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:3.0Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 5:46:3.63Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:3.63Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:3.63Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 5:46:3.63Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.63Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 5:46:3.63Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.63Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.63Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 5:46:3.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 5:46:3.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 5:46:3.63Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 5:46:3.79Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.79Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 5:46:3.79Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.79Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.79Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.79Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 5:46:3.79Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.79Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 5:46:3.125Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.125Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.125Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.125Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.125Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.125Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.125Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 5:46:3.125Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.125Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:3.125Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 5:46:3.125Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 5:46:3.125Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 5:46:3.125Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 5:46:3.125Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:3.125Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.141Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.125Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.141Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 5:46:3.141Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:3.141Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:3.141Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:3.141Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:3.141Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:3.141Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:3.172Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 5:46:3.172Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 5:46:3.172Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 5:46:3.172Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 5:46:3.172Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 5:46:3.172Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.172Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.172Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.172Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.172Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.172Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.172Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.172Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.172Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.172Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.172Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 5:46:3.172Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:3.235Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.235Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 5:46:3.235Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:3.235Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.235Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.235Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 5:46:3.235Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.250Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:3.266Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:3.266Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:3.282Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.282Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.297Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.297Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 5:46:3.297Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.297Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.297Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 5:46:3.297Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.313Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:3.329Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.329Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.329Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.329Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.329Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.344Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 5:46:3.344Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.344Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:3.375Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 5:46:3.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.375Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.375Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 5:46:3.375Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:3.438Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:3.438Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 5:46:3.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.438Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.438Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.438Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 5:46:3.438Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:3.469Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.469Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:3.532Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:3.532Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.532Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 5:46:3.532Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:3.532Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.532Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 5:46:3.532Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:3.563Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.563Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:3.625Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Management.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:3.625Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:3.625Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:3.625Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.625Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.625Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.625Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:3.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.625Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.625Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 5:46:3.625Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:3.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.657Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Management.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:3.704Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:3.704Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:3.704Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.750Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.750Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.750Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.797Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:3.797Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:3.797Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.797Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.797Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.797Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.797Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.797Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:3.860Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\secur32.dll
19/10/2019 - 5:46:3.860Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\secur32.dll
19/10/2019 - 5:46:3.860Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 5:46:3.860Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 5:46:3.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:3.860Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:3.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.860Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.860Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.860Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.875Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.875Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:3.938Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\secur32.dll
19/10/2019 - 5:46:3.938Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\secur32.dll
19/10/2019 - 5:46:3.938Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 5:46:3.938Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 5:46:4.172Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:4.172Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:46:4.172Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:46:4.172Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.172Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:46:4.172Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:46:4.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.266Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.313Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.313Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.313Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.313Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.313Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.313Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.313Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.313Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.313Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.313Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.360Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.360Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.360Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.360Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.360Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.360Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.360Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.360Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.360Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.360Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:4.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:4.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:4.375Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.Security.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:4.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.Security.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:4.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:4.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:4.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.375Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.375Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.375Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.375Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:4.391Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:4.391Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.375Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:4.391Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:4.391Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:4.391Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:4.391Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.391Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:4.454Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.454Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.454Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.454Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.516Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.516Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.516Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.516Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.532Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.532Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.532Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.532Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.532Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.532Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.532Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.532Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.532Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.532Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.532Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.532Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.532Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.532Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.532Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.532Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.532Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.532Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.532Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.532Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.532Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.547Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.547Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:4.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.547Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.547Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.547Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.547Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.547Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.547Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:4.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.547Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.547Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.547Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.641Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.641Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.657Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.657Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:4.704Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.704Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.704Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.704Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.829Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:4.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:4.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.985Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:5.47Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:5.125Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
19/10/2019 - 5:46:5.235Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
19/10/2019 - 5:46:5.329Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.329Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
19/10/2019 - 5:46:5.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.329Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.375Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.375Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
19/10/2019 - 5:46:5.375Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.422Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.469Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.469Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.516Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.563Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.610Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.657Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.704Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.750Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.797Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.844Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.891Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.938Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.938Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:5.938Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.938Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.938Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:5.938Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:5.938Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.938Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:5.938Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.938Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:5.954Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.954Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:46:5.954Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:5.954Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:5.954Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.954Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:5.954Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:6.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:6.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:6.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:6.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:6.16Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:6.16Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.16Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:6.16Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:6.16Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:6.16Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:6.16Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:6.16Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:6.16Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:6.16Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:6.16Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:6.16Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:46:6.16Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:6.32Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:6.32Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:6.32Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:6.94Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.141Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.188Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.235Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.282Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.329Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.375Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.422Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.469Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.516Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.563Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.610Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.657Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.704Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.750Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.797Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.844Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.938Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:6.985Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:7.47Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1
19/10/2019 - 5:46:7.47Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1
19/10/2019 - 5:46:7.47Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\profile.ps1
19/10/2019 - 5:46:7.47Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
19/10/2019 - 5:46:7.110Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1
19/10/2019 - 5:46:7.110Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1
19/10/2019 - 5:46:7.110Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\profile.ps1
19/10/2019 - 5:46:7.110Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
19/10/2019 - 5:46:7.219Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.250Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:7.360Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.485Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.657Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en-us.nlp
19/10/2019 - 5:46:7.704Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en-us.nlp
19/10/2019 - 5:46:7.704Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.750Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:7.797Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:7.797Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:7.844Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:7.844Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:7.844Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.844Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:7.844Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.750Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:7.844Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.844Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:7.844Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.844Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.844Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:7.844Read2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.844Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.844Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:7.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:7.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:7.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:7.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:7.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.891Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:7.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.891Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.891Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.907Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:7.907Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:7.907Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:7.907Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:7.907Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.907Open2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:7.907Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.907Unknown2332C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:7.969Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:8.32Read1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:8.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Unknown1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:8.79Open1408C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
1