Report #702 check_circle

  • Creation Date: Oct. 19, 2019, 2:23 a.m.
  • Last Update: Oct. 19, 2019, 6:44 a.m.
  • File: 050
  • Results:
Binary
DLL
False cancel
Size
2.49MB
trid
32.3% InstallShield setup
31.2% Win32 EXE PECompact compressed
23.4% Win32 Executable MS Visual C++
4.9% Win32 Dynamic Link Library
3.3% Win32 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
151808e86807fc1ed96650df54dffd8a
sha1
e7dc0407939acbcf534747c449ff4c1d2da9be85
crc32
0x19707364
sha224
941cade2a4a9146d7e17bbbbfbef97509ac14bf6925fe5a2b9b0e882
sha256
2157b20dec2aa861e9935d543dabf16b228cc0c56ce5ef261b1ac916538b3bc7
sha384
f2e934fa2ce77bb118cc8eee971aa797ca1d34843211180d67f048f359a42a7dbfd955046876d3072bc9faa5d68158fe
sha512
cb715b8e8396ba1cc7b2c030b5e0a4c580ea2015978640a7ee98834224dacff0a6d5346e413fcf3b2debd440de59b985f41df4199d7f56abb53d685ef005dc31
ssdeep
49152:EejBQDEnlfVpgxr/nIiYWMf9dQnPoY20k0XgBq/bPEUpPhOZy+hz7FFUj9SD+sw/:vrtX5jKNOj+7
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
IP, win_private_profile, Dropper_Strings, Intel_Virtualization_Wizard_exe, BASE64_table, escalate_priv, HasRichSignature, DebuggerException__SetConsoleCtrl, spreading_share, create_service, antisb_threatExpert, network_dns, cred_local, network_http, win_files_operation, IsPE32, win_hook, disable_dep, contentis_base64, network_tcp_socket, SEH__vectored, screenshot, win_token, win_mutex, keylogger, DebuggerCheck__GlobalFlags, Misc_Suspicious_Strings, migrate_apc, IsWindowsGUI, Big_Numbers5, DebuggerHiding__Thread, network_udp_sock, anti_dbg, network_tcp_listen, DebuggerCheck__QueryInfo, url, android_meterpreter, win_registry, Typical_Malware_String_Transforms, HasOverlay, network_dga, Advapi_Hash_API, Check_Dlls, System_Tools, create_com_service, powershell, Big_Numbers0

Suspicious
True check_circle

Strings
List
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>
</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
qhttp://ns.adobe.com/xap/1.0/
qhttp://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/1.1/">
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>

Foremost
Matches
0.exe, 504 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circle
Allowed
Suspicious: 1.0.0.3, 0, Unknown
hasAllowed: False cancel
hasSuspicious: True check_circle

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: ole32.dll, ADVAPI32.dll, OLEAUT32.dll, USER32.dll, KERNEL32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 316416
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .text, .rdata, .data, .rsrc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 6.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 58224
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: ole32.dll, advapi32.dll, oleaut32.dll, user32.dll, kernel32.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2016-10-03 13:27:08
Future: False cancel

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: True check_circle
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.data: 9
.rsrc: 51
.text: 38
.rdata: 10

nopsequence
.rsrc: 2

pushpopmath
.data: 11
.rsrc: 23
.text: 32
.rdata: 7

ss register
.text: 1

garbagebytes
.data: 6
.rsrc: 16
.text: 17
.rdata: 3

hookdetection
.rsrc: 1
.rdata: 1

software breakpoint
.rsrc: 3
.text: 4
.rdata: 2

fakeconditionaljumps
.rsrc: 1
.text: 2
.rdata: 1

programcontrolflowchange
.data: 6
.rsrc: 15
.text: 15
.rdata: 2

cpuinstructionsresultscomparison
.data: 1
.rsrc: 3
.text: 1

AVclass
trickbot
1
VirusTotal
md5
151808e86807fc1ed96650df54dffd8a
sha1
e7dc0407939acbcf534747c449ff4c1d2da9be85
SCANS
AVG
result: Win32:Malware-gen
update: 20190906
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=82)
update: 20190906
version: 2018.9.12.1
detected: True check_circle

APEX
result: Malicious
update: 20190906
version: 5.60
detected: True check_circle

Bkav
update: 20190903
version: 1.3.0.10239
detected: False cancel

K7GW
result: Trojan ( 0052f20f1 )
update: 20190906
version: 11.65.31928
detected: True check_circle

ALYac
result: Trojan.GenericKD.40341537
update: 20190906
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Malware-gen
update: 20190906
version: 18.4.3895.0
detected: True check_circle

Avira
result: TR/Crypt.XPACK.Gen
update: 20190906
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/Trickbot.T.gen!Eldorado
update: 20190906
version: 6.2.0.1
detected: True check_circle

DrWeb
update: 20190906
version: 7.0.41.7240
detected: False cancel

GData
result: Trojan.GenericKD.40341537
update: 20190906
version: A:25.23285B:26.15960
detected: True check_circle

Panda
result: Trj/GdSda.A
update: 20190905
version: 4.6.4.2
detected: True check_circle

VBA32
result: BScope.TrojanBanker.Trickster
update: 20190905
version: 4.0.0
detected: True check_circle

VIPRE
update: 20190906
version: 77674
detected: False cancel

Zoner
result: Trojan.Win32.69742
update: 20190906
version: 1.0.0.1
detected: True check_circle

ClamAV
update: 20190905
version: 0.101.4.0
detected: False cancel

Comodo
update: 20190906
version: 31432
detected: False cancel

F-Prot
result: W32/Trickbot.T.gen!Eldorado
update: 20190906
version: 4.7.1.166
detected: True check_circle

Ikarus
update: 20190905
version: 0.1.5.2
detected: False cancel

McAfee
result: Artemis!151808E86807
update: 20190906
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.TrickBot!8.E313 (TFE:5:wedju0msOzC)
update: 20190906
version: 25.0.0.24
detected: True check_circle

Sophos
update: 20190906
version: 4.98.0
detected: False cancel

Yandex
result: TrojanSpy.Agent!7LfkvHSycnc
update: 20190822
version: 5.5.2.24
detected: True check_circle

Zillya
result: Trojan.GenericKD.Win32.141316
update: 20190905
version: 2.0.0.3894
detected: True check_circle

Acronis
result: suspicious
update: 20190904
version: 1.1.1.56
detected: True check_circle

Alibaba
result: Trojan:Win32/Dridex.4ae8ce00
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Generic.D2679021
update: 20190906
version: 1.0.0.856
detected: True check_circle

Cylance
result: Unsafe
update: 20190906
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20190819
version: 3.0.14
detected: True check_circle

FireEye
result: Generic.mg.151808e86807fc1e
update: 20190906
version: 29.7.0.0
detected: True check_circle

TACHYON
update: 20190906
version: 2019-09-06.01
detected: False cancel

Tencent
update: 20190906
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20190905
version: 2014.3.20.0
detected: False cancel

Webroot
result: W32.Trojan.Gen
update: 20190906
version: 1.0.0.403
detected: True check_circle

eGambit
result: Trojan.Generic
update: 20190906
version: v5.0.5
detected: True check_circle

Ad-Aware
result: Trojan.GenericKD.40341537
update: 20190906
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.Win32.Malicious.4!c
update: 20190906
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.GenericKD.40341537 (B)
update: 20190906
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/Crypt.XPACK.Gen
update: 20190905
version: 12.0.86.52
detected: True check_circle

Fortinet
result: W32/GenKryptik.CGMH!tr
update: 20190906
version: 5.4.247.0
detected: True check_circle

Invincea
update: 20190904
version: 6.3.6.26157
detected: False cancel

Jiangmin
result: TrojanSpy.Agent.ackk
update: 20190906
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20190906
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20190906
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Trickybot
update: 20190906
version: 1.10.0.0
detected: True check_circle

Trapmine
result: malicious.high.ml.score
update: 20190826
version: 3.1.81.800
detected: True check_circle

AhnLab-V3
result: Trojan/Win32.Meretam.R232757
update: 20190906
version: 3.16.1.25089
detected: True check_circle

Antiy-AVL
result: Trojan/Win32.MereTam
update: 20190906
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: UDS:DangerousObject.Multi.Generic
update: 20190906
version: 15.0.1.13
detected: True check_circle

Microsoft
result: Trojan:Win32/Dridex.S!MTB
update: 20190906
version: 1.1.16300.1
detected: True check_circle

Qihoo-360
result: HEUR/QVM20.1.B2C7.Malware.Gen
update: 20190906
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
update: 20190906
version: 1.0
detected: False cancel

Cybereason
result: malicious.86807f
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: Win32/TrickBot.AQ
update: 20190906
version: 19974
detected: True check_circle

TrendMicro
update: 20190906
version: 11.0.0.1006
detected: False cancel

BitDefender
result: Trojan.GenericKD.40341537
update: 20190906
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 0052f20f1 )
update: 20190906
version: 11.65.31928
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20190807
version: 1.0.31.22
detected: True check_circle

Avast-Mobile
update: 20190905
version: 190905-02
detected: False cancel

Malwarebytes
update: 20190906
version: 2.1.1.1115
detected: False cancel

TotalDefense
update: 20190905
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20190905
version: 14.00
detected: False cancel

NANO-Antivirus
update: 20190906
version: 1.0.134.24859
detected: False cancel

MicroWorld-eScan
result: Trojan.GenericKD.40341537
update: 20190906
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20190830
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: Artemis!Trojan
update: 20190906
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
update: 20190906
version: 10.0.0.1040
detected: False cancel

total
70
sha256
2157b20dec2aa861e9935d543dabf16b228cc0c56ce5ef261b1ac916538b3bc7
scan_id
2157b20dec2aa861e9935d543dabf16b228cc0c56ce5ef261b1ac916538b3bc7-1567748829
resource
151808e86807fc1ed96650df54dffd8a
positives
47
scan_date
2019-09-06 05:47:09
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
19/10/2019 - 5:45:45.309Open1480C:\malware.exeC:\dwmapi.dll
19/10/2019 - 5:45:45.309Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
19/10/2019 - 5:45:45.309Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
19/10/2019 - 5:45:45.309Open1480C:\malware.exeC:\Windows\Fonts\StaticCache.dat
19/10/2019 - 5:45:45.309Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
19/10/2019 - 5:45:45.309Open1480C:\malware.exeC:\Windows\SysWOW64\ole32.dll
19/10/2019 - 5:45:45.309Open1480C:\malware.exeC:\Windows\SysWOW64\ole32.dll
19/10/2019 - 5:45:45.309Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:45.309Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:45.309Open1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.309Open1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Open1480C:\malware.exeC:\SXS.DLL
19/10/2019 - 5:45:45.512Open1480C:\malware.exeC:\Windows\SysWOW64\sxs.dll
19/10/2019 - 5:45:45.512Open1480C:\malware.exeC:\Windows\SysWOW64\sxs.dll
19/10/2019 - 5:45:45.512Open1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll\3
19/10/2019 - 5:45:45.512Open1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:45.512Read1480C:\malware.exeC:\Windows\SysWOW64\vbscript.dll
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.215Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.215Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\
19/10/2019 - 5:45:46.215Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:46.215Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.215Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.215Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.215Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.215Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.215Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.215Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\
19/10/2019 - 5:45:46.231Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:46.231Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.231Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.231Unknown1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\
19/10/2019 - 5:45:46.231Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:46.231Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.231Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.231Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.247Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk
19/10/2019 - 5:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk
19/10/2019 - 5:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:46.247Unknown1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:46.247Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\msdesk\malwase.exe
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:46.325Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:46.325Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:46.325Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.325Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.325Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:46.325Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.325Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.325Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.325Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.325Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.325Unknown2136C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.325Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.340Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.340Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.340Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.340Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.340Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.340Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:46.340Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.340Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.340Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.356Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:46.356Read1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:46.356Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:46.356Open1488C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:46.356Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.356Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.356Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.356Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:46.356Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.372Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.372Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.372Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:46.372Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:46.372Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
19/10/2019 - 5:45:46.372Open2476C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:46.372Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.372Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.372Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.372Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:46.372Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:46.372Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
19/10/2019 - 5:45:46.372Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:46.372Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:46.372Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 5:45:46.372Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:46.372Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:46.372Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 5:45:46.372Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:46.372Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:46.372Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.387Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.387Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.497Open1480C:\malware.exeC:\Windows\SysWOW64\taskschd.dll
19/10/2019 - 5:45:46.497Open1480C:\malware.exeC:\Windows\SysWOW64\taskschd.dll
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.668Read1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.668Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:46.668Unknown1488C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.668Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.668Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.668Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.668Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.668Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.668Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:46.684Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.684Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.684Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:46.684Unknown1488C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.684Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.684Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.684Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.684Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:46.684Read1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:46.684Read1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:46.700Open1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.700Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:46.700Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:46.700Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:46.700Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:46.715Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:46.715Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.715Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.715Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.715Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.715Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.715Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:46.715Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:46.715Open2476C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:46.715Unknown2476C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:46.715Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.715Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.715Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:46.715Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:46.715Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.715Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:46.715Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:46.715Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:46.715Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:46.715Read2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:46.715Open2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ui\SwDRM.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.731Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:46.731Read2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:46.747Open2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows\Prefetch\SC.EXE-1CF1DE92.pf
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:46.809Unknown2548C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.809Open2548C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.809Read2548C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:46.856Open2548C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.mui
19/10/2019 - 5:45:46.856Read2548C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Prefetch\POWERSHELL.EXE-767FB1AE.pf
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.856Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATL.DLL
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\atl.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\mscoree.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.mui
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:46.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:46.856Open2424C:\Windows\SysWOW64\sc.exeC:\Windows\Prefetch\SC.EXE-1CF1DE92.pf
19/10/2019 - 5:45:46.856Open2424C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:46.856Open2424C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.856Open2424C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:45:46.856Open2424C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.856Open2424C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:46.856Open2424C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.872Open2424C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:46.872Open2424C:\Windows\SysWOW64\sc.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:46.872Open2424C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:46.872Unknown2424C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:46.872Open2424C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.872Open2424C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.872Open2424C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:46.872Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.Manifest
19/10/2019 - 5:45:46.872Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:46.872Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 5:45:46.872Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 5:45:46.872Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:46.872Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.872Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.872Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:46.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:46.872Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\propsys.dll
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 5:45:46.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\desktop.ini
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 5:45:46.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 5:45:46.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop\desktop.ini
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 5:45:46.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\desktop.ini
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:46.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:46.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 5:45:46.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
19/10/2019 - 5:45:46.965Unknown2548C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:46.965Unknown2548C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.965Unknown2548C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 5:45:46.965Open2424C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.mui
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 5:45:47.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Desktop
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 5:45:47.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\desktop.ini
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
19/10/2019 - 5:45:47.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public
19/10/2019 - 5:45:47.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 5:45:47.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\apphelp.dll
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.28Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:47.28Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:47.28Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.28Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.28Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.90Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:47.90Unknown1488C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.168Unknown2424C:\Windows\SysWOW64\sc.exeC:\Windows
19/10/2019 - 5:45:47.168Unknown2424C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.168Unknown2424C:\Windows\SysWOW64\sc.exeC:\Windows\SysWOW64\pt-BR\sc.exe.muisc.exe.mui
19/10/2019 - 5:45:47.262Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:45:47.262Unknown2136C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:47.575Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:47.575Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:47.575Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:47.575Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:47.575Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:47.575Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:45:47.668Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:45:47.668Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:45:47.668Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 5:45:47.715Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 5:45:47.715Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
19/10/2019 - 5:45:47.715Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\xmllite.dll
19/10/2019 - 5:45:47.715Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
19/10/2019 - 5:45:47.715Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wer.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\gameux.dll
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
19/10/2019 - 5:45:48.247Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:48.247Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:48.247Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:48.247Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:48.247Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:48.247Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:48.247Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:48.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 5:45:48.247Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 5:45:48.262Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 5:45:48.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
19/10/2019 - 5:45:48.262Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 5:45:48.262Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 5:45:48.262Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.262Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:48.262Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:48.262Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:48.262Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.262Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:48.262Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:48.262Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:48.262Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:48.262Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:48.262Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:48.262Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:48.262Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:48.262Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.262Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.450Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.450Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.450Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.450Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.450Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:48.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:48.465Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:48.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:48.465Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users
19/10/2019 - 5:45:48.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:48.465Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:48.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:48.465Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData
19/10/2019 - 5:45:48.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:48.465Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:48.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:48.465Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft
19/10/2019 - 5:45:48.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 5:45:48.465Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
19/10/2019 - 5:45:48.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 5:45:48.465Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
19/10/2019 - 5:45:48.481Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:48.481Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 5:45:48.481Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:48.481Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:48.481Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:48.497Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:48.497Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:48.497Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:48.497Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:48.497Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:48.497Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 5:45:48.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 5:45:48.497Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 5:45:48.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:48.497Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\LINKINFO.dll
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
19/10/2019 - 5:45:48.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\linkinfo.dll
19/10/2019 - 5:45:48.543Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:48.543Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:48.543Unknown1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
19/10/2019 - 5:45:48.747Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:48.747Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:48.747Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ntshrui.dll
19/10/2019 - 5:45:48.747Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:48.747Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:49.90Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\srvcli.dll
19/10/2019 - 5:45:49.90Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 5:45:49.90Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 5:45:49.278Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\cscapi.dll
19/10/2019 - 5:45:49.278Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 5:45:49.278Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 5:45:49.278Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\slc.dll
19/10/2019 - 5:45:49.278Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 5:45:49.278Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 5:45:49.278Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 5:45:49.278Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:49.278Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:49.278Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:49.278Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:49.278Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnkWindows PowerShell.lnk
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:49.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:49.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exepowershell_ise.exe
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\hh.exe
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:49.309Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:49.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:49.325Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\CRYPTSP.dll
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:49.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P0PDTQ0Q50KUVECNCUBO.temp
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P0PDTQ0Q50KUVECNCUBO.temp
19/10/2019 - 5:45:49.340Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P0PDTQ0Q50KUVECNCUBO.tempP0PDTQ0Q50KUVECNCUBO.temp
19/10/2019 - 5:45:49.340Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P0PDTQ0Q50KUVECNCUBO.tempP0PDTQ0Q50KUVECNCUBO.temp
19/10/2019 - 5:45:49.340Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P0PDTQ0Q50KUVECNCUBO.tempP0PDTQ0Q50KUVECNCUBO.temp
19/10/2019 - 5:45:49.340Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P0PDTQ0Q50KUVECNCUBO.tempP0PDTQ0Q50KUVECNCUBO.temp
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P0PDTQ0Q50KUVECNCUBO.temp
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:49.340Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P0PDTQ0Q50KUVECNCUBO.tempP0PDTQ0Q50KUVECNCUBO.temp
19/10/2019 - 5:45:49.340Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
19/10/2019 - 5:45:49.340Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\mscoree.dll.local
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 5:45:49.340Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 5:45:49.340Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
19/10/2019 - 5:45:49.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 5:45:49.356Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 5:45:49.372Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
19/10/2019 - 5:45:49.387Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:49.387Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:49.387Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:49.387Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:49.387Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 5:45:49.387Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 5:45:49.387Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
19/10/2019 - 5:45:49.387Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.387Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:45:49.387Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:49.387Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:45:49.387Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:49.387Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:49.403Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 5:45:49.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:49.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:49.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:49.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:49.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:49.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:49.403Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config
19/10/2019 - 5:45:49.403Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:49.418Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:49.418Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
19/10/2019 - 5:45:49.418Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
19/10/2019 - 5:45:49.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.528Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.762Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.809Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.856Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.950Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:49.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.90Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.184Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.325Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.372Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.512Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.559Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.700Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.747Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.840Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:50.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.215Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:51.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:51.309Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:45:51.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:51.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.106Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.153Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.434Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.668Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.715Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
19/10/2019 - 5:45:52.762Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.809Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.856Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.950Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:52.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.184Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.325Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.512Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.559Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.700Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.747Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.793Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.840Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:53.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:54.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.106Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.153Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.293Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.434Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.528Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.668Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:55.715Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
19/10/2019 - 5:45:55.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.372Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.512Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:56.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\pt-br.nlp
19/10/2019 - 5:45:56.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
19/10/2019 - 5:45:56.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\pubpol4.dat
19/10/2019 - 5:45:56.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
19/10/2019 - 5:45:56.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 5:45:56.653Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:56.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 5:45:56.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:56.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:56.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:56.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:56.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 5:45:56.747Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:56.981Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:56.981Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:57.28Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:57.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:57.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:57.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:57.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:57.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:57.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:57.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:57.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:57.403Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:57.403Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:57.450Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:57.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:57.637Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:45:57.637Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:57.684Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:57.684Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:45:57.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:57.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:57.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:57.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:57.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:57.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:57.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.106Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.153Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:45:58.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:58.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:58.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:58.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:58.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:58.293Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:58.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.434Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.528Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:58.809Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:45:58.903Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 5:45:58.950Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 5:45:59.168Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 5:45:59.168Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:45:59.168Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:59.168Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:59.168Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:45:59.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:59.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:59.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:59.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:45:59.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:0.450Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:0.450Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:0.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:46:0.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:46:0.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:46:0.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:0.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.106Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\BVTBin\Tests\installpackage\csilogfile.log
19/10/2019 - 5:46:1.153Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.293Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.434Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:1.528Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.668Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.762Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:1.856Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 5:46:1.997Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:1.997Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 5:46:1.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.90Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.184Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.325Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.372Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.512Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.559Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.700Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.747Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.793Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.840Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:2.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.168Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:3.262Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:3.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:3.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:3.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:3.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:3.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:3.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.106Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.153Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.293Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.434Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.528Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.668Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:4.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:4.762Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:4.809Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:4.856Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:4.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:4.950Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:4.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:5.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:5.90Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.184Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.325Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.372Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.512Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.559Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.700Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:5.747Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:46:5.793Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:5.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\version.dll
19/10/2019 - 5:46:5.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 5:46:5.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 5:46:5.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:46:5.793Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:5.793Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:5.840Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:5.887Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:46:5.887Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:5.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:5.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:6.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\l_intl.nls
19/10/2019 - 5:46:6.168Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 5:46:6.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:6.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.106Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.153Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
19/10/2019 - 5:46:7.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.293Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
19/10/2019 - 5:46:7.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.434Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.528Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.668Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.762Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.809Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:7.903Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
19/10/2019 - 5:46:7.903Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.903Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
19/10/2019 - 5:46:7.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:7.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:7.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:7.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:7.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:7.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:7.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:7.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:7.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:8.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:8.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:46:8.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:8.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:46:8.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:8.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:46:8.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:8.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:8.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:8.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:8.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:8.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:8.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:8.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:8.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:8.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:8.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:8.543Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:8.637Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:8.637Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:8.684Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:8.684Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:8.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:8.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:8.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:8.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:8.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:8.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:8.965Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:8.965Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:8.965Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 5:46:8.965Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 5:46:9.59Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089
19/10/2019 - 5:46:9.59Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
19/10/2019 - 5:46:9.137Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:46:9.137Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
19/10/2019 - 5:46:9.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:46:9.184Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:46:9.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:46:9.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:46:9.325Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:46:9.372Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:46:9.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:46:9.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:46:9.512Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:46:9.559Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:46:9.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dllSystem.Core.dll
19/10/2019 - 5:46:9.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:9.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:9.653Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:9.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:9.653Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:9.653Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dllMicrosoft.PowerShell.Commands.Diagnostics.dll
19/10/2019 - 5:46:9.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:9.700Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:9.747Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
19/10/2019 - 5:46:9.793Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:46:9.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dll
19/10/2019 - 5:46:9.793Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:46:9.840Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:46:9.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:46:9.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:46:9.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:46:10.28Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:46:10.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:46:10.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:46:10.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:46:10.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:46:10.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:46:10.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:10.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f1fdabccbbc596710f24607662898d06\System.Configuration.Install.ni.dllSystem.Configuration.Install.ni.dll
19/10/2019 - 5:46:10.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:10.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:10.450Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:10.543Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:10.543Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:46:10.590Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:10.590Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:46:10.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:10.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:10.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:10.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:10.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:10.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:10.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:10.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:10.965Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:10.965Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:10.965Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:10.965Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:11.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:11.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:46:11.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:46:11.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:46:11.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:46:11.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:46:11.106Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:46:11.153Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:46:11.153Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:46:11.153Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:11.153Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
19/10/2019 - 5:46:11.153Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:11.153Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:11.153Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:11.200Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:11.200Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:11.200Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:46:11.200Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:46:11.200Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:46:11.200Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
19/10/2019 - 5:46:11.200Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:46:11.200Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dllMicrosoft.WSMan.Runtime.dll
19/10/2019 - 5:46:11.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:11.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:11.293Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:11.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:11.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:11.434Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:11.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:11.528Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:11.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:11.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:11.668Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:11.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:11.762Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:11.809Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:11.856Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:11.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:11.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:12.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:12.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:12.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:12.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:12.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:12.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:12.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:12.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:12.403Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
19/10/2019 - 5:46:12.497Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:12.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
19/10/2019 - 5:46:12.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:12.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:12.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:12.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:12.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:12.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:12.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:12.825Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:12.825Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:12.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:12.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:12.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:12.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:13.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:46:13.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:46:13.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:46:13.106Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:46:13.153Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:46:13.153Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:46:13.153Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:46:13.153Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:46:13.200Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:46:13.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:46:13.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:46:13.247Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:46:13.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:46:13.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:46:13.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:13.247Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:13.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:13.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:46:13.340Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
19/10/2019 - 5:46:13.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:46:13.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:46:13.481Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dllSystem.Transactions.dll
19/10/2019 - 5:46:13.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:13.528Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:13.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:13.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:13.668Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:13.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:13.762Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:13.809Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:13.809Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:13.809Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:13.809Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:13.809Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:13.856Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:13.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:13.950Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:13.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.90Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.184Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.325Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:14.325Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:14.325Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.372Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.418Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.418Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.418Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.418Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:14.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:14.512Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:14.559Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:14.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:14.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:14.700Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:14.700Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:14.700Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:14.700Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:14.700Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:14.747Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:14.793Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:14.840Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:14.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:14.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:14.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:15.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:15.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:15.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:15.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:15.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:15.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:15.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:15.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:15.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dllMicrosoft.PowerShell.Commands.Management.dll
19/10/2019 - 5:46:15.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
19/10/2019 - 5:46:15.215Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.215Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
19/10/2019 - 5:46:15.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.590Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:46:15.637Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:46:15.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:15.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:16.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:16.59Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.153Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.153Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.153Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.293Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.434Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:46:16.528Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:46:16.528Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.668Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:16.762Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:16.809Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:16.809Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:46:16.872Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:46:16.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:46:16.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:46:16.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:46:16.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:46:17.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:46:17.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:46:17.122Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:17.122Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35
19/10/2019 - 5:46:17.122Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:46:17.122Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:46:17.122Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:46:17.122Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
19/10/2019 - 5:46:17.122Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:46:17.122Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dllMicrosoft.PowerShell.Security.dll
19/10/2019 - 5:46:17.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:17.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:17.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:17.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:17.356Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en.nlp
19/10/2019 - 5:46:17.356Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config
19/10/2019 - 5:46:17.356Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:17.356Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:17.356Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:17.356Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.356Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.356Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.543Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:17.543Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:17.543Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.543Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.543Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.543Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.543Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.543Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dllMicrosoft.PowerShell.ConsoleHost.Resources.dll
19/10/2019 - 5:46:17.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:17.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:17.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:17.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dllMicrosoft.PowerShell.ConsoleHost.dll
19/10/2019 - 5:46:17.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:17.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:17.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:17.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:17.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:17.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:17.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:17.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:17.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:17.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:17.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:17.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:17.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:17.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:17.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:17.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:17.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:17.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:17.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:18.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:18.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:18.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:18.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:18.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:18.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:18.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:18.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:18.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:18.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:18.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:18.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:18.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:18.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:18.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:18.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:18.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:18.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:18.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:18.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:18.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.184Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.325Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:19.372Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.512Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.559Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:19.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:19.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:19.700Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:19.747Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:19.793Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:19.840Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:19.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:20.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:20.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:20.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:20.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:20.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:20.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:20.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:20.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:20.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:20.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:20.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:20.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:20.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:20.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:20.684Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
19/10/2019 - 5:46:20.825Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:20.825Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dll
19/10/2019 - 5:46:20.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:20.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:20.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:20.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.106Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.153Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:46:21.340Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 5:46:21.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.434Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.528Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.668Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.762Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:21.809Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:21.856Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.950Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:21.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:22.43Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Management.Automation.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:22.43Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:22.90Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:22.90Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.137Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.137Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.184Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.325Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.372Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:22.372Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:22.372Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.372Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.372Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.372Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.372Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.372Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.372Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:22.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:22.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:22.512Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\shfolder.dll
19/10/2019 - 5:46:22.512Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 5:46:22.512Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 5:46:22.747Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
19/10/2019 - 5:46:22.747Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents
19/10/2019 - 5:46:22.747Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:22.793Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:22.840Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:22.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:22.934Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:22.934Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:22.934Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 5:46:22.981Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:22.981Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 5:46:23.28Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:23.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:23.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:23.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:23.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:23.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:23.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:23.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:23.778Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:23.778Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml
19/10/2019 - 5:46:23.778Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xmlgetevent.types.ps1xml
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:23.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:23.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:24.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.106Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.153Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.293Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.434Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.575Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
19/10/2019 - 5:46:24.575Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xmltypes.ps1xml
19/10/2019 - 5:46:24.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:24.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.700Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.747Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:24.856Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:24.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:24.950Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:24.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.90Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.184Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.325Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.372Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.512Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.559Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:25.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:25.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:25.700Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:25.747Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:25.793Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:25.840Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:25.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:25.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:25.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:26.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:26.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:26.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:26.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:26.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dllSystem.ServiceProcess.ni.dll
19/10/2019 - 5:46:26.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:26.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:26.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:26.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:26.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:26.497Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:26.543Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:26.543Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 5:46:26.590Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:26.590Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 5:46:26.637Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:26.637Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 5:46:26.684Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:26.684Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 5:46:26.684Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:26.684Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 5:46:26.684Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:26.684Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 5:46:26.731Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:26.731Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 5:46:26.778Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:26.778Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 5:46:26.825Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:26.825Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 5:46:26.825Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:26.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:26.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 5:46:26.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 5:46:26.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 5:46:26.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\tzres.dll
19/10/2019 - 5:46:26.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:26.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xmlDiagnostics.Format.ps1xml
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:26.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:26.997Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:26.997Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml
19/10/2019 - 5:46:26.997Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xmlWSMan.Format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 5:46:26.997Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:26.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:26.997Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
19/10/2019 - 5:46:26.997Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xmlCertificate.format.ps1xml
19/10/2019 - 5:46:27.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:27.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
19/10/2019 - 5:46:27.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:27.43Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xmlDotNetTypes.format.ps1xml
19/10/2019 - 5:46:27.43Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:27.43Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
19/10/2019 - 5:46:27.43Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xmlFileSystem.format.ps1xml
19/10/2019 - 5:46:27.43Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
19/10/2019 - 5:46:27.59Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xmlHelp.format.ps1xml
19/10/2019 - 5:46:27.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:27.122Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.122Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xmlPowerShellCore.format.ps1xml
19/10/2019 - 5:46:27.137Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:27.137Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
19/10/2019 - 5:46:27.137Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xmlPowerShellTrace.format.ps1xml
19/10/2019 - 5:46:27.137Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:27.137Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
19/10/2019 - 5:46:27.137Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xmlRegistry.format.ps1xml
19/10/2019 - 5:46:27.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:27.153Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dllMicrosoft.WSMan.Management.dll
19/10/2019 - 5:46:27.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:27.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.WSMan.Management.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:27.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:27.247Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:27.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.247Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.247Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.293Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.512Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:27.512Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:27.512Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.512Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.512Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.512Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.512Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.512Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dllMicrosoft.WSMan.Management.resources.dll
19/10/2019 - 5:46:27.512Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:27.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:27.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:27.668Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:27.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:27.762Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:27.809Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:27.856Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:27.903Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\secur32.dll
19/10/2019 - 5:46:27.903Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\secur32.dll
19/10/2019 - 5:46:27.903Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 5:46:27.903Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 5:46:27.950Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:27.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:28.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:28.90Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:28.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:28.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:28.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:28.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:46:28.653Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot
19/10/2019 - 5:46:28.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:28.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:28.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:28.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.653Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.653Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.653Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.653Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.653Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.653Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.700Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dllSystem.Transactions.ni.dll
19/10/2019 - 5:46:28.700Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:28.747Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:28.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\Microsoft.PowerShell.Security.resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:28.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:28.793Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:28.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:28.793Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:28.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:28.793Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:28.793Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:28.793Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:28.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:28.793Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35
19/10/2019 - 5:46:28.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:28.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:28.793Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:28.793Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:28.793Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:28.793Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dllMicrosoft.PowerShell.Security.Resources.dll
19/10/2019 - 5:46:28.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.872Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.872Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.872Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.934Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.934Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.934Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.934Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\
19/10/2019 - 5:46:28.934Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:28.934Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:28.934Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:28.934Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:28.934Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.934Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.934Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.934Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.934Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:28.934Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:28.934Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:28.934Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:28.934Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.934Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.934Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.934Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:28.981Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:28.981Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:29.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:29.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:29.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:29.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:29.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:29.184Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
19/10/2019 - 5:46:29.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:29.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:29.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:29.403Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
19/10/2019 - 5:46:29.543Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:29.543Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dll
19/10/2019 - 5:46:29.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:29.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:29.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:29.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:29.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:29.809Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:29.856Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:29.903Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:29.950Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:29.997Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.90Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.137Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.184Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.325Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.372Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:30.512Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089
19/10/2019 - 5:46:30.512Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.559Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.653Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.700Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:30.747Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:30.793Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:30.840Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:30.887Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:30.934Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:30.981Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.28Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.122Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:31.122Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:31.122Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.122Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:31.122Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.168Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
19/10/2019 - 5:46:31.168Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.168Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:46:31.168Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:31.168Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:31.168Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:31.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.168Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
19/10/2019 - 5:46:31.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:31.215Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:31.262Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:31.309Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:31.356Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:31.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:31.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:31.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:31.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:31.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:31.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:31.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:31.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:31.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:31.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:31.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:31.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.106Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.153Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.200Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.247Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.293Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.387Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.434Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.528Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.668Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.762Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.809Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.856Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:32.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1
19/10/2019 - 5:46:32.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1
19/10/2019 - 5:46:32.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\profile.ps1
19/10/2019 - 5:46:32.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
19/10/2019 - 5:46:33.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:33.43Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:33.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:33.168Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:33.293Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Globalization\en-us.nlp
19/10/2019 - 5:46:33.340Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:33.387Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:33.387Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:33.481Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:33.481Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:33.575Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:33.575Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:33.575Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:33.622Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:33.668Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:33.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:33.762Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:33.809Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:33.809Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 5:46:33.809Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:33.809Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:33.809Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:33.809Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 5:46:33.809Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:33.809Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:33.809Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:33.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:33.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:34.12Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\wbem
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0
19/10/2019 - 5:46:34.75Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:34.184Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
19/10/2019 - 5:46:34.231Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.231Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
19/10/2019 - 5:46:34.231Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.278Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.325Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.372Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.418Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
19/10/2019 - 5:46:34.465Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.Local
19/10/2019 - 5:46:34.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:34.465Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:34.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.465Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:34.465Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:34.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:34.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:34.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:34.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:34.481Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb
19/10/2019 - 5:46:34.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 5:46:34.481Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\symbols\dll\System.Management.Automation.pdb
19/10/2019 - 5:46:34.481Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\dll\System.Management.Automation.pdb
19/10/2019 - 5:46:34.481Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System.Management.Automation.pdb
19/10/2019 - 5:46:34.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:34.481Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dllSystem.Management.Automation.dll
19/10/2019 - 5:46:34.543Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:34.590Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:34.637Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:34.684Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:34.731Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:34.778Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:34.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:34.872Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:34.918Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:34.965Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:35.12Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:35.59Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:35.122Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dllMicrosoft.PowerShell.Commands.Utility.dll
19/10/2019 - 5:46:35.403Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_pt-BR_31bf3856ad364e35\System.Management.Automation.Resources.dllSystem.Management.Automation.Resources.dll
19/10/2019 - 5:46:35.450Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:35.497Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 5:46:35.559Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:35.606Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8687e43ef23de4f9262530d943886112\System.Data.ni.dllSystem.Data.ni.dll
19/10/2019 - 5:46:35.715Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 5:46:35.825Read2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 5:46:35.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2820.1120953
19/10/2019 - 5:46:35.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2820.1120953
19/10/2019 - 5:46:35.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2820.1120953
19/10/2019 - 5:46:35.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\netutils.dll
19/10/2019 - 5:46:35.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\netutils.dll
19/10/2019 - 5:46:35.918Open2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\netutils.dll
19/10/2019 - 5:46:35.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows
19/10/2019 - 5:46:35.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64
19/10/2019 - 5:46:35.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\pt-BR\powershell.exe.muipowershell.exe.mui
19/10/2019 - 5:46:35.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:46:35.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:46:35.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:35.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:35.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
19/10/2019 - 5:46:35.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:35.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:35.918Unknown2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 5:46:35.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:46:35.981Unknown2476C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64

Process
Trace
19/10/2019 - 5:45:46.215Create1480C:\malware.exe2136C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.231Create1480C:\malware.exe1488C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.231Create1480C:\malware.exe2476C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:46.684Create1488C:\Windows\SysWOW64\cmd.exe2548C:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:46.715Create2476C:\Windows\SysWOW64\cmd.exe2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:45:46.731Create2136C:\Windows\SysWOW64\cmd.exe2424C:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:46.965Terminate1488C:\Windows\SysWOW64\cmd.exe2548C:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:47.90Terminate1480C:\malware.exe1488C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:45:47.168Terminate2136C:\Windows\SysWOW64\cmd.exe2424C:\Windows\SysWOW64\sc.exe
19/10/2019 - 5:45:47.262Terminate1480C:\malware.exe2136C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:46:35.918Terminate2476C:\Windows\SysWOW64\cmd.exe2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
19/10/2019 - 5:46:35.981Terminate1480C:\malware.exe2476C:\Windows\SysWOW64\cmd.exe

Analysis
Reason
Finished

Status
Sucessfully Executed

Results
1

Registry
Trace
19/10/2019 - 5:45:46.887Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:46.887Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:46.887Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:46.887Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:46.887Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:46.887Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:46.887Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:46.887Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:46.997Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:46.997Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:46.997Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:46.997Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:46.997Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:47.12Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDB@gameux.dll,-10101
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDB@gameux.dll,-10058
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDB@gameux.dll,-10061
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDB@gameux.dll,-10059
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDB@gameux.dll,-10209
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDB@gameux.dll,-10055
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDB@gameux.dll,-10057
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDB@gameux.dll,-10103
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDB@gameux.dll,-10056
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDB@gameux.dll,-10054
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.247Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDB@gameux.dll,-10102
19/10/2019 - 5:45:48.262Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.262Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.465Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:45:48.465Write2820C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel
Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel
SVC (Kernel=Linear, NFS-BRMalware)
confidence: 48.86%
suspicious: False cancel
Random Forest (100 estimators, NFS-BRMalware)
confidence: 53.00%
suspicious: True check_circle
Add to Collection
Download